
iTunes < 9.2.1 'itpc:' Buffer Overflow Vulnerability

Medium

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

The remote host has iTunes installed, a popular media player for Windows and Mac OS.

Versions of iTunes earlier than 9.2.1 are potentially affected by a buffer overflow vulnerability in the handling of 'itpc:' URLs, which may allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a malformed 'itpc:' link to a user on the remote host and wait for the user to click on it.

Solution

Upgrade to iTunes 9.2.1 or later.