iTunes < 6.0.5 AAC File Integer Overflow (Mac OS X)
Medium Nessus Plugin ID 21781
Synopsis
The remote host contains an application that is affected by a remote code execution flaw.
Description
The remote host is running iTunes, a popular jukebox program.
The remote version of this software is vulnerable to an integer overflow when it parses specially crafted AAC files, which may lead to the execution of arbitrary code.
An attacker may exploit this flaw by sending a malformed AAC file to a user on the remote host and waiting for the user to play it with iTunes.
Solution
Upgrade to iTunes 6.0.5 or newer.