CVE-2005-0043 - Buffer Overflow vulnerability in Apple iTunes 4.7

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, apple, nessus, exploit available, metasploit

Summary

Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.

Vulnerable Configurations

Part         Description  Count
Application  Apple        1

Exploit-Db

  • description: Apple iTunes Playlist Local Parsing Buffer Overflow Exploit. CVE-2005-0043. Remote exploit for osx platform
    id: EDB-ID:758
    last seen: 2016-01-31
    modified: 2005-01-16
    published: 2005-01-16
    reporter: nemo
    source: https://www.exploit-db.com/download/758/
    title: Apple iTunes Playlist Local Parsing Buffer Overflow Exploit
  • description: Apple ITunes 4.7 Playlist Buffer Overflow. CVE-2005-0043. Local exploit for windows platform
    id: EDB-ID:16562
    last seen: 2016-02-02
    modified: 2010-05-09
    published: 2010-05-09
    reporter: metasploit
    source: https://www.exploit-db.com/download/16562/
    title: Apple ITunes 4.7 Playlist Buffer Overflow

Metasploit

description: This module exploits a stack buffer overflow in Apple ITunes 4.7 build 4.7.0.42. By creating a URL link to a malicious PLS file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an extension of '.pls'.
id: MSF:EXPLOIT/WINDOWS/BROWSER/APPLE_ITUNES_PLAYLIST
last seen: 2020-01-15
modified: 2017-07-24
published: 2007-02-03
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0043
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/apple_itunes_playlist.rb
title: Apple ITunes 4.7 Playlist Buffer Overflow

Nessus

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_ITUNES_OVERFLOW.NASL
description: The remote host is running a version of iTunes which is older than version 4.7.1. The remote version of this software is vulnerable to a buffer overflow when it parses a malformed playlist file (.m3u or .pls files). A remote attacker could exploit this by tricking a user into opening a maliciously crafted file, resulting in arbitrary code execution.
last seen: 2020-03-18
modified: 2005-01-13
plugin id: 16151
published: 2005-01-13
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/16151
title: iTunes < 4.7.1
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(16151);
 script_version("1.23");
 script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");

 script_cve_id("CVE-2005-0043");
 script_bugtraq_id(12238);
 script_xref(name:"Secunia", value:"13804");
 script_xref(name:"APPLE-SA", value:"APPLE-SA-2005-01-11");

 script_name(english:"iTunes < 4.7.1");
 script_summary(english:"Check the version of iTunes");

 script_set_attribute( attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes a security
issue." );
 script_set_attribute( attribute:"description",  value:
"The remote host is running a version of iTunes which is older than
version 4.7.1.  The remote version of this software is vulnerable
to a buffer overflow when it parses a malformed playlist file
(.m3u or .pls files).  A remote attacker could exploit this by
tricking a user into opening a maliciously crafted file, resulting
in arbitrary code execution." );
 # https://lists.apple.com/archives/security-announce/2005/Jan/msg00000.html
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eba3be11");
 script_set_attribute(attribute:"see_also", value:"http://seclists.org/bugtraq/2005/Jan/119");
 script_set_attribute(attribute:"solution", value:"Upgrade to iTunes 4.7.1 or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'Apple ITunes 4.7 Playlist Buffer Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

 script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/12");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/01/11");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/13");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");


if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

cmd = GetBundleVersionCmd(file:"iTunes.app", path:"/Applications");

if ( islocalhost() )
 buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
else
{
 ret = ssh_open_connection();
 if ( ! ret ) exit(0);
 buf = ssh_cmd(cmd:cmd);
 ssh_close_connection();
}

if ( ! buf ) exit(0);
if ( ! ereg(pattern:"^iTunes [0-9.]", string:buf) ) exit(0);
version = ereg_replace(pattern:"^iTunes ([0-9.]+),.*", string:buf, replace:"\1");
set_kb_item(name:"iTunes/Version", value:version);
if ( egrep(pattern:"iTunes 4\.([0-6]\..*|7|7\.0)$", string:buf) ) security_warning(0);

Packetstorm

data source: https://packetstormsecurity.com/files/download/83127/apple_itunes_playlist.rb.txt
id: PACKETSTORM:83127
last seen: 2016-12-05
published: 2009-11-26
reporter: MC
source: https://packetstormsecurity.com/files/83127/Apple-ITunes-4.7-Playlist-Buffer-Overflow.html
title: Apple ITunes 4.7 Playlist Buffer Overflow