Vulnerabilities > CVE-2005-0043 - Buffer Overflow vulnerability in Apple Itunes 4.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Apple iTunes Playlist Local Parsing Buffer Overflow Exploit. CVE-2005-0043. Remote exploit for osx platform id EDB-ID:758 last seen 2016-01-31 modified 2005-01-16 published 2005-01-16 reporter nemo source https://www.exploit-db.com/download/758/ title Apple iTunes Playlist Local Parsing Buffer Overflow Exploit description Apple ITunes 4.7 Playlist Buffer Overflow. CVE-2005-0043. Local exploit for windows platform id EDB-ID:16562 last seen 2016-02-02 modified 2010-05-09 published 2010-05-09 reporter metasploit source https://www.exploit-db.com/download/16562/ title Apple ITunes 4.7 Playlist Buffer Overflow
Metasploit
description | This module exploits a stack buffer overflow in Apple ITunes 4.7 build 4.7.0.42. By creating a URL link to a malicious PLS file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an extension of '.pls'. |
id | MSF:EXPLOIT/WINDOWS/BROWSER/APPLE_ITUNES_PLAYLIST |
last seen | 2020-01-15 |
modified | 2017-07-24 |
published | 2007-02-03 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0043 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/apple_itunes_playlist.rb |
title | Apple ITunes 4.7 Playlist Buffer Overflow |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_ITUNES_OVERFLOW.NASL |
description | The remote host is running a version of iTunes which is older than version 4.7.1. The remote version of this software is vulnerable to a buffer overflow when it parses a malformed playlist file (.m3u or .pls files). A remote attacker could exploit this by tricking a user into opening a maliciously crafted file, resulting in arbitrary code execution. |
last seen | 2020-03-18 |
modified | 2005-01-13 |
plugin id | 16151 |
published | 2005-01-13 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16151 |
title | iTunes < 4.7.1 |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/83127/apple_itunes_playlist.rb.txt |
id | PACKETSTORM:83127 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | MC |
source | https://packetstormsecurity.com/files/83127/Apple-ITunes-4.7-Playlist-Buffer-Overflow.html |
title | Apple ITunes 4.7 Playlist Buffer Overflow |
References
- http://lists.apple.com/archives/security-announce/2005/Jan/msg00000.html
- http://secunia.com/advisories/13804
- http://securitytracker.com/id?1012839
- http://www.idefense.com/application/poi/display?id=180&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/377368
- http://www.osvdb.org/12833
- http://www.securityfocus.com/bid/12238
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18851