Message-ID: <2359eed20906021520l6064a9a7j4c5ef1545cdb2c46@mail.gmail.com>
Date: Tue, 2 Jun 2009 17:20:46 -0500
From: Will Drewry <redpig@...aspill.org>
To: dvlabs <dvlabs@...pingpoint.com>
Cc: ZDI Disclosures <zdi-disclosures@...pingpoint.com>,
FD <full-disclosure@...ts.grok.org.uk>, bugtraq <bugtraq@...urityfocus.com>
Subject: Re: TPTI-09-03: Apple iTunes Multiple Protocol
Handler Buffer Overflow Vulnerabilities

Here's the (mac) exploit module to go along with my simul-report to
apple: http://static.dataspill.org/releases/itunes/itms_overflow.rb

On Tue, Jun 2, 2009 at 3:27 PM, dvlabs <dvlabs@...pingpoint.com> wrote:
> TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow
> Vulnerabilities
> http://dvlabs.tippingpoint.com/advisory/TPTI-09-03
> June 2, 2009
>
> -- CVE ID:
> CVE-2009-0950
>
> -- Affected Vendors:
> Apple
>
> -- Affected Products:
> Apple iTunes
>
> -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 8013.
> For further product information on the TippingPoint IPS, visit:
>
> http://www.tippingpoint.com
>
> -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Apple iTunes. User interaction is required
> to exploit this vulnerability in that the target must visit a malicious
> page.
>
> The specific flaw exists in the URL handlers associated with iTunes.
> When processing URLs via the protocol handlers "itms", "itmss", "daap",
> "pcast", and "itpc" an exploitable stack overflow occurs. Successful
> exploitation can lead to a remote system compromise under the
> credentials of the currently logged in user.
>
> -- Vendor Response:
> Apple has issued an update to correct this vulnerability. More
> details can be found at:
>
> http://support.apple.com/kb/HT3592
>
> -- Disclosure Timeline:
> 2009-04-09 - Vulnerability reported to vendor
> 2009-06-02 - Coordinated public release of advisory
>
> -- Credit:
> This vulnerability was discovered by:
> * James King, TippingPoint DVLabs
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
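
A defensive check for the protocol handlers named in the advisory above, as an added example that is not part of the original message or the advisory: it lists every URL in a page's source that uses one of the five schemes and marks unusually long ones for review. The 256-character threshold, the function name and the sample page are assumptions; the advisory states no triggering length.

```python
import html
import re

# Schemes the advisory names as reaching the vulnerable iTunes URL handlers.
ITUNES_SCHEMES = ("itms", "itmss", "daap", "pcast", "itpc")

# Assumption: the advisory gives no size that triggers the overflow, so this
# review threshold is a placeholder to tune against your own traffic.
MAX_URL_LEN = 256

_URL_RE = re.compile(
    r"\b(?P<scheme>" + "|".join(ITUNES_SCHEMES) + r")://[^\s\"'<>]*",
    re.IGNORECASE,
)


def find_itunes_urls(page_source, max_len=MAX_URL_LEN):
    """Return one finding per iTunes-handler URL found in page_source."""
    # Decode HTML entities first: a browser does this to attribute values
    # before handing the URL to a protocol handler, so "itms&#58;//" counts.
    text = html.unescape(page_source)
    findings = []
    for match in _URL_RE.finditer(text):
        url = match.group(0)
        findings.append({
            "scheme": match.group("scheme").lower(),
            "offset": match.start(),  # offset in the entity-decoded text
            "length": len(url),
            "oversized": len(url) > max_len,
        })
    return findings


# Constructed sample page, not taken from the advisory or any real site.
SAMPLE = (
    '<a href="itms://example.invalid/album?id=1">store</a>\n'
    '<iframe src="ITPC&#58;//example.invalid/' + "A" * 400 + '"></iframe>\n'
    '<a href="https://example.invalid/itms-help">docs</a>\n'
)

if __name__ == "__main__":
    for finding in find_itunes_urls(SAMPLE):
        print(finding)
```
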