CVE-2012-0677 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple iTunes
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attacker's choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow), hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description: Apple iTunes 10 Extended M3U Stack Buffer Overflow. CVE-2012-0677. Remote exploit for windows platform
id: EDB-ID:19387
last seen: 2016-02-02
modified: 2012-06-25
published: 2012-06-25
reporter: metasploit
source: https://www.exploit-db.com/download/19387/
title: Apple iTunes 10 Extended M3U Stack Buffer Overflow

description: Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow. CVE-2012-0677. Dos exploits for multiple platform
id: EDB-ID:19098
last seen: 2016-02-02
modified: 2012-06-13
published: 2012-06-13
reporter: LiquidWorm
source: https://www.exploit-db.com/download/19098/
title: Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow
Nessus
NASL family: Windows
NASL id: ITUNES_10_6_3.NASL
description: The version of Apple iTunes installed on the remote Windows host is older than 10.6.3 and is, therefore, affected by the following issues : - A memory corruption issue exists in WebKit that can allow malicious websites to crash the application and possibly to execute arbitrary code. (CVE-2012-0672) - Stack and heap based buffer overflow errors related to the handling of
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59497
published: 2012-06-14
reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59497
title: Apple iTunes < 10.6.3 Multiple Vulnerabilities (credentialed check)
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(59497);
  script_version("1.13");
  script_cvs_date("Date: 2018/07/12 19:01:17");

  script_cve_id("CVE-2012-0672", "CVE-2012-0677");
  script_bugtraq_id(53404, 53933, 54113);
  script_xref(name:"EDB-ID", value:"19098");
  script_xref(name:"EDB-ID", value:"19322");
  script_xref(name:"EDB-ID", value:"19387");

  script_name(english:"Apple iTunes < 10.6.3 Multiple Vulnerabilities (credentialed check)");
  script_summary(english:"Checks version of iTunes on Windows");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote host contains a multimedia application that has multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value: "The version of Apple iTunes installed on the remote Windows host is older than 10.6.3 and is, therefore, affected by the following issues : - A memory corruption issue exists in WebKit that can allow malicious websites to crash the application and possibly to execute arbitrary code. (CVE-2012-0672) - Stack and heap based buffer overflow errors related to the handling of 'm3u' playlist files. These errors can cause the application to crash or possibly allow arbitrary code execution. (CVE-2012-0677)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT5318"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade to Apple iTunes 10.6.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apple iTunes 10 Extended M3U Stack Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("itunes_detect.nasl");
  script_require_keys("SMB/iTunes/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("SMB/iTunes/Version");
fixed_version = "10.6.3.25";

if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  if (report_verbosity > 0)
  {
    path = get_kb_item("SMB/iTunes/Path");
    if (isnull(path)) path = 'n/a';

    report =
      '\n Path : '+path+
      '\n Installed version : '+version+
      '\n Fixed version : '+fixed_version+'\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
else audit(AUDIT_INST_VER_NOT_VULN, "iTunes", version);
```

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_ITUNES_10_6_3.NASL
description: The version of iTunes installed on the remote Mac OS X host is earlier than 10.6.3 and is, therefore, affected by stack and heap based buffer overflow vulnerabilities. The application does not properly handle
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59499
published: 2012-06-14
reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59499
title: iTunes < 10.6.3 m3u Multiple Buffer Overflow Vulnerabilities (Mac OS X)
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(59499);
  script_version("1.14");
  script_cvs_date("Date: 2018/07/14 1:59:36");

  script_cve_id("CVE-2012-0677");
  script_bugtraq_id(53933, 54113);
  script_xref(name:"EDB-ID", value:"19098");
  script_xref(name:"EDB-ID", value:"19322");
  script_xref(name:"EDB-ID", value:"19387");

  script_name(english:"iTunes < 10.6.3 m3u Multiple Buffer Overflow Vulnerabilities (Mac OS X)");
  script_summary(english:"Checks version of iTunes on Mac OS X");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote host contains a multimedia application that has multiple buffer overflow vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value: "The version of iTunes installed on the remote Mac OS X host is earlier than 10.6.3 and is, therefore, affected by stack and heap based buffer overflow vulnerabilities. The application does not properly handle 'm3u' playlist files. This error can cause the application to crash or possibly allow arbitrary code execution."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to iTunes 10.6.3 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apple iTunes 10 Extended M3U Stack Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT5318"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html"
  );

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("macosx_itunes_detect.nasl");
  script_require_keys("Host/MacOSX/Version", "installed_sw/iTunes");

  exit(0);
}

include("vcf.inc");

os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

app_info = vcf::get_app_info(app:"iTunes");

constraints = [{"fixed_version" : "10.6.3"}];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
```

NASL family: Peer-To-Peer File Sharing
NASL id: ITUNES_10_6_3_BANNER.NASL
description: The version of Apple iTunes on the remote Windows host is prior to version 10.6.3. It is, therefore, affected by the following vulnerabilities : - A memory corruption vulnerability exists in the WebKit component. By using a specially crafted website, an attacker can exploit this to cause a denial of service or execute arbitrary code. Note that this vulnerability was addressed on Mac OS X systems by an update for Safari and, therefore, may not necessarily affect the remote host. (CVE-2012-0672) - Stack and heap based buffer overflow errors exist in the handling of
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59498
published: 2012-06-14
reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59498
title: Apple iTunes < 10.6.3 Multiple Vulnerabilities (uncredentialed check)
Oval
accepted | 2015-06-22T04:00:15.729-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. |
family | windows |
id | oval:org.mitre.oval:def:17016 |
status | accepted |
submitted | 2013-07-30T11:32:03.685-04:00 |
title | Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist |
version | 7 |
Packetstorm
data source: https://packetstormsecurity.com/files/download/114004/itunes_extm3u_bof.rb.txt
id: PACKETSTORM:114004
last seen: 2016-12-05
published: 2012-06-21
reporter: Rh0
source: https://packetstormsecurity.com/files/114004/iTunes-Extended-M3U-Stack-Buffer-Overflow.html
title: iTunes Extended M3U Stack Buffer Overflow

data source: https://packetstormsecurity.com/files/download/113555/ZSL-2012-5093.txt
id: PACKETSTORM:113555
last seen: 2016-12-05
published: 2012-06-12
reporter: LiquidWorm
source: https://packetstormsecurity.com/files/113555/Apple-iTunes-10.6.1.7-M3U-Playlist-Buffer-Overflow.html
title: Apple iTunes 10.6.1.7 M3U Playlist Buffer Overflow
Saint
bid | 53933 |
description | iTunes m3u Playlist Overflow |
id | misc_itunes |
osvdb | 82897 |
title | itunes_m3u_playlist_overflow |
type | client |
Seebug
bulletinFamily: exploit
description: CVE ID: CVE-2012-0672, CVE-2012-0677. iTunes is a media player application, introduced by Apple Computer on January 10, 2001 at the Macworld Expo in San Francisco, used to play and manage digital music and video files; it is the main tool for managing files on Apple's iPod. Apple iTunes bundles a vulnerable version of WebKit, and an error in the handling of specially crafted M3U (".m3u") playlist files can be exploited to cause a heap buffer overflow and execute arbitrary code, thereby taking control of the user's system. This vulnerability does not affect the application on OS X Lion systems. Apple iTunes 10.x. Vendor patch: Apple has released a security advisory (HT5318) and a corresponding patch for this issue: HT5318: About the security content of iTunes 10.6.3. Link: http://support.apple.com/kb/HT5318
id: SSV:60206
last seen: 2017-11-19
modified: 2012-06-13
published: 2012-06-13
reporter: Root
title: Apple iTunes Arbitrary Code Execution and Denial of Service Vulnerabilities

bulletinFamily: exploit
description: No description provided by source.
id: SSV:73260
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-73260
title: Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow

bulletinFamily: exploit
description: No description provided by source.
id: SSV:73064
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-73064
title: Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow