Signature Detail
Short Name |
HTTP:STC:ITUNES-HANDLER-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apple iTunes Handler Stack Buffer Overflow |
Release Date |
2009/06/22 |
Update Number |
1449 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apple iTunes Handler Stack Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Apple iTunes. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Extended Description
Apple iTunes is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks before copying user-supplied data to an insufficiently sized buffer. Attackers can leverage this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attacks will likely cause denial-of-service conditions.
Affected Products
- Apple iTunes 7.0.2
- Apple iTunes 7.3.0
- Apple iTunes 7.3.1
- Apple iTunes 7.3.2
- Apple iTunes 7.4
- Apple iTunes 8.0
- Apple iTunes 8.0.2.20
- Apple iTunes 8.1
References
- BugTraq: 35157
- CVE: CVE-2009-0950