
iTunes < 9.2.1 'itpc:' Buffer Overflow Vulnerability

Medium

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

The remote host has iTunes installed, a popular media player for Windows and Mac OS.

Versions of iTunes earlier than 9.2.1 are potentially affected by a buffer overflow vulnerability in the handling of 'itpc:' URLs, which may allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a malformed 'itpc:' link to a user on the remote host and wait for the user to click on it.

Solution

Upgrade to iTunes 9.2.1 or later.