Apple.ITunes.Itms.URI.Handling.Buffer

Name: Apple.ITunes.Itms.URI.Handling.Buffer.Overflow
Last Updated Date: Feb 04, 2010
Release Date: Jul 07, 2009
Severity: Critical
Impact: System Compromise: Remote attackers can gain control of vulnerable systems.
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Apple iTunes.

The vulnerability is caused by an error in how the vulnerable software handles an overly long itms URI. It allows a remote attacker to execute arbitrary code by tricking a user into visiting a malicious URL.
Affected Products: Apple iTunes versions prior to 8.2
Recommended Actions: Upgrade to Apple iTunes version 8.2 or later, available from the following web site:
http://www.apple.com/itunes/download
Common Vulnerabilities and Exposures (CVE): http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0950
Reference/s: http://www.securityfocus.com/bid/35157 (BugTraq)
http://www.vupen.com/english/advisories/2009/1470 (FrSIRT)
http://dvlabs.tippingpoint.com/advisory/TPTI-09-03
http://www.exploit-db.com/exploits/11138
http://www.milw0rm.com/exploits/8934
Reference: VID-17473