Short Name |
HTTP:STC:DL:APPLE-ITUNES-IO |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apple iTunes AAC File Handling Integer Overflow |
Release Date |
2011/06/27 |
Update Number |
1945 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the MP4/M4P/M4A/ACC file format. A successful attack can lead arbitrary remote code execution within the context of the user.
iTunes is prone to an integer-overflow vulnerability. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may help the attacker gain unauthorized access or escalate privileges.