Vulnerabilities > CVE-2005-0043 - Buffer Overflow vulnerability in Apple Itunes 4.7

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
apple
nessus
exploit available
metasploit
NVD
Published: 2005-05-02
Updated: 2017-07-11

Summary

Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.

Vulnerable Configurations

Part Description Count
Application
Apple
1

Exploit-Db

  • descriptionApple iTunes Playlist Local Parsing Buffer Overflow Exploit. CVE-2005-0043. Remote exploit for osx platform
    idEDB-ID:758
    last seen2016-01-31
    modified2005-01-16
    published2005-01-16
    reporternemo
    sourcehttps://www.exploit-db.com/download/758/
    titleApple iTunes Playlist Local Parsing Buffer Overflow Exploit
  • descriptionApple ITunes 4.7 Playlist Buffer Overflow. CVE-2005-0043. Local exploit for windows platform
    idEDB-ID:16562
    last seen2016-02-02
    modified2010-05-09
    published2010-05-09
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16562/
    titleApple ITunes 4.7 Playlist Buffer Overflow

Metasploit

descriptionThis module exploits a stack buffer overflow in Apple ITunes 4.7 build 4.7.0.42. By creating a URL link to a malicious PLS file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an extension of '.pls'.
idMSF:EXPLOIT/WINDOWS/BROWSER/APPLE_ITUNES_PLAYLIST
last seen2020-01-15
modified2017-07-24
published2007-02-03
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0043
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/apple_itunes_playlist.rb
titleApple ITunes 4.7 Playlist Buffer Overflow

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_ITUNES_OVERFLOW.NASL
descriptionThe remote host is running a version of iTunes which is older than version 4.7.1. The remote version of this software is vulnerable to a buffer overflow when it parses a malformed playlist file (.m3u or .pls files). A remote attacker could exploit this by tricking a user into opening a maliciously crafted file, resulting in arbitrary code execution.
last seen2020-03-18
modified2005-01-13
plugin id16151
published2005-01-13
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/16151
titleiTunes < 4.7.1
code
#TRUSTED 5f8b76d3ec6c6e046ef9cd51927ee72bf280bdb92a022051fbbb384067c04e1c85b2aa7c2649451e8226655dec427e0c82d4591f850a56c6429dbf3ac93899680da241b2eb831dd7d0d392648604cebb28f83913022f2b9576235d3daffff49401511cea11483f29d8700667d5147124132b03fe762d6133832b12764e7ee811eb1373829e344b721185c7816b99927e3bf1079186663bb5bf4a9e3100993ebeac12e0ebf3ca5ea1c3f66fab48b1e746ebe32dd939ba8bc080fcf97caa838c8803b17f76212232fb24254d9288d3f6d1019e3b4226f814c1da64d01133d9a1d9be0a7c14caa095ea5e29f6aecc270f8e28cb5dd232ec702a068e8c719d1a261b63861705ec6d7a06681afc6a4d8fb4fa3f35b3884cf29c2f720c1c7cbf9b9d0af830a20c7a88026addd1d2cb6b696f80bfa41ab8f2904fb9f0d13f33423cb245a215d31274745fb60e822fedd173621fbd939f18703d3c42399ca3bf046a2bf95598d8fd63fd1b1ac2d1e7c35908b4b29152b8b2a1b23ccb671cdd8d5a350d308b2c685a8c12bbc3036830c89c7033e5c35c1d05e715ace20e654df597458f7629e0722d33599d29d1dbadb4da8e74811633f8964e2b325d26300cb2d8a5288f9c91ee9ff569d4d04d3954dba077db7f430290a5f371846087d3f0e8477deaf0c9fa32fd82a9bde0028d700d3d6848cce5d563a7f726540644e3fad8311f0659
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(16151);
 script_version("1.23");
 script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");

 script_cve_id("CVE-2005-0043");
 script_bugtraq_id(12238);
 script_xref(name:"Secunia", value:"13804");
 script_xref(name:"APPLE-SA", value:"APPLE-SA-2005-01-11");

 script_name(english:"iTunes < 4.7.1");
 script_summary(english:"Check the version of iTunes");

 script_set_attribute( attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes a security
issue." );
 script_set_attribute( attribute:"description",  value:
"The remote host is running a version of iTunes which is older than
version 4.7.1.  The remote version of this software is vulnerable
to a buffer overflow when it parses a malformed playlist file
(.m3u or .pls files).  A remote attacker could exploit this by
tricking a user into opening a maliciously crafted file, resulting
in arbitrary code execution." );
 # https://lists.apple.com/archives/security-announce/2005/Jan/msg00000.html
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eba3be11");
 script_set_attribute(attribute:"see_also", value:"http://seclists.org/bugtraq/2005/Jan/119");
 script_set_attribute(attribute:"solution", value:"Upgrade to iTunes 4.7.1 or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'Apple ITunes 4.7 Playlist Buffer Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

 script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/12");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/01/11");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/13");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");


if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

cmd = GetBundleVersionCmd(file:"iTunes.app", path:"/Applications");

if ( islocalhost() )
 buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
else
{
 ret = ssh_open_connection();
 if ( ! ret ) exit(0);
 buf = ssh_cmd(cmd:cmd);
 ssh_close_connection();
}

if ( ! buf ) exit(0);
if ( ! ereg(pattern:"^iTunes [0-9.]", string:buf) ) exit(0);
version = ereg_replace(pattern:"^iTunes ([0-9.]+),.*", string:buf, replace:"\1");
set_kb_item(name:"iTunes/Version", value:version);
if ( egrep(pattern:"iTunes 4\.([0-6]\..*|7|7\.0)$", string:buf) ) security_warning(0);

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83127/apple_itunes_playlist.rb.txt
idPACKETSTORM:83127
last seen2016-12-05
published2009-11-26
reporterMC
sourcehttps://packetstormsecurity.com/files/83127/Apple-ITunes-4.7-Playlist-Buffer-Overflow.html
titleApple ITunes 4.7 Playlist Buffer Overflow

References