Signature Detail
Short Name |
HTTP:STC:DL:APPLE-ITUNES-IO |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apple iTunes AAC File Handling Integer Overflow |
Release Date |
2011/06/27 |
Update Number |
1945 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apple iTunes AAC File Handling Integer Overflow
This signature detects attempts to exploit a known vulnerability in the MP4/M4P/M4A/ACC file format. A successful attack can lead arbitrary remote code execution within the context of the user.
Extended Description
iTunes is prone to an integer-overflow vulnerability. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may help the attacker gain unauthorized access or escalate privileges.
Affected Products
- Apple iTunes 4.2.0 .72
- Apple iTunes 4.5.0
- Apple iTunes 4.6.0
- Apple iTunes 4.7.0
- Apple iTunes 4.7.1
- Apple iTunes 4.8.0
- Apple iTunes 5.0.0
- Apple iTunes 6.0.0
- Apple iTunes 6.0.1
- Apple iTunes 6.0.2
- Apple iTunes 6.0.3
- Apple iTunes 6.0.4
References
- BugTraq: 18730
- CVE: CVE-2006-1467