SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Apple iTunes Vendors:   Apple
Apple iTunes Multiple Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1025152
SecurityTracker URL:  http://securitytracker.com/id/1025152
CVE Reference:   CVE-2011-0170, CVE-2011-0191, CVE-2011-0192, CVE-2010-4494, CVE-2010-4008, CVE-2010-1824, CVE-2011-0111, CVE-2011-0112, CVE-2011-0113, CVE-2011-0114, CVE-2011-0115, CVE-2011-0116, CVE-2011-0117, CVE-2011-0118, CVE-2011-0119, CVE-2011-0120, CVE-2011-0121, CVE-2011-0122, CVE-2011-0123, CVE-2011-0124, CVE-2011-0125, CVE-2011-0126, CVE-2011-0127, CVE-2011-0128, CVE-2011-0129, CVE-2011-0130, CVE-2011-0131, CVE-2011-0132, CVE-2011-0133, CVE-2011-0134, CVE-2011-0135, CVE-2011-0136, CVE-2011-0137, CVE-2011-0138, CVE-2011-0139, CVE-2011-0140, CVE-2011-0141, CVE-2011-0142, CVE-2011-0143, CVE-2011-0144, CVE-2011-0145, CVE-2011-0146, CVE-2011-0147, CVE-2011-0148, CVE-2011-0149, CVE-2011-0150, CVE-2011-0151, CVE-2011-0152, CVE-2011-0153, CVE-2011-0154, CVE-2011-0155, CVE-2011-0156, CVE-2011-0164, CVE-2011-0165, CVE-2011-0168   (Links to External Site)
Date:  Mar 3 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.2
Description:   Multiple vulnerabilities were reported in Apple iTunes. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted JPEG image that, when loaded by the target user, will trigger a heap overflow in ImageIO and execute arbitrary code on the target system [CVE-2011-0170]. The code will run with the privileges of the target user. Andrzej Dyjak reported this vulnerability via iDefense VCP.

A remote user can create a specially crafted JPEG encoded TIFF image that, when loaded by the target user, will trigger a buffer overflow in ImageIO and execute arbitrary code on the target system [CVE-2011-0191]. The code will run with the privileges of the target user.

A remote user can create a specially crafted CCITT Group 4 encoded TIFF image that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2011-0192]. The code will run with the privileges of the target user.

A remote user can create a specially crafted XML file that, when loaded by the target user, will trigger a double free error and execute arbitrary code on the target system [CVE-2010-4494]. The code will run with the privileges of the target user. Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences, reported this vulnerability.

A remote user can create a specially crafted XML file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2010-4008]. The code will run with the privileges of the target user. Bui Quang Minh from Bkis (www.bkis.com) reported this vulnerability.

A remote user with the ability to conduct a man-in-the-middle attack can trigger multiple memory corruption errors in WebKit while the target user browses the iTunes Store via iTunes to execute arbitrary code on the target user's system [CVE-2010-1824, CVE-2011-0111, CVE-2011-0112, CVE-2011-0113, CVE-2011-0114, CVE-2011-0115, CVE-2011-0116, CVE-2011-0117, CVE-2011-0118, CVE-2011-0119, CVE-2011-0120, CVE-2011-0121, CVE-2011-0122, CVE-2011-0123, CVE-2011-0124, CVE-2011-0125, CVE-2011-0126, CVE-2011-0127, CVE-2011-0128, CVE-2011-0129, CVE-2011-0130, CVE-2011-0131, CVE-2011-0132, CVE-2011-0133, CVE-2011-0134, CVE-2011-0135, CVE-2011-0136, CVE-2011-0137, CVE-2011-0138, CVE-2011-0139, CVE-2011-0140, CVE-2011-0141, CVE-2011-0142, CVE-2011-0143, CVE-2011-0144, CVE-2011-0145, CVE-2011-0146, CVE-2011-0147, CVE-2011-0148, CVE-2011-0149, CVE-2011-0150, CVE-2011-0151, CVE-2011-0152, CVE-2011-0153, CVE-2011-0154, CVE-2011-0155, CVE-2011-0156, CVE-2011-0164, CVE-2011-0165, CVE-2011-0168]. The code will run with the privileges of the target user. kuzzcc, wushi of team509 (via TippingPoint's Zero Day Initiative), Sergey Glazunov, Yuzo Fujishima of Google, Andreas Kling of Nokia, Chris Evans of Google Chrome Security Team, J23 (via TippingPoint's Zero Day Initiative), Emil A Eklund of Google, an anonymous researcher (via with TippingPoint's Zero Day Initiative), Abhishek Arya (Inferno) of Google, Slawomir Blazek, Yuzo Fujishima of Google, Mihai Parparita of Google, David Bloom, Famlam, Jan Tosovsky, an anonymous reporter, Chris Rohlf of Matasano Security, Dirk Schulze, Michal Zalewski of Google, SkyLined of Google Chrome Security Team, Michael Gundlach of safariadblock.com, Aki Helin of OUSPG, and Apple reported these vulnerabilities.

Impact:   A remote user can cause arbitrary code to be executed on the target user's system.
Solution:   The vendor has issued a fix (10.2).

The vendor's advisory is available at:

http://support.apple.com/kb/HT4554

Vendor URL:  support.apple.com/kb/HT4554 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  UNIX (macOS/OS X), Windows (7), Windows (Vista), Windows (XP)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 22 2011 (Apple Issues Fix for Apple Safari) Apple iTunes Multiple Flaws Let Remote Users Execute Arbitrary Code
Apple has issued a fix for Apple Safari.
Oct 12 2011 (Apple Issues Fix) Apple iTunes Multiple Flaws Let Remote Users Execute Arbitrary Code
Apple has issued a fix for iTunes.



 Source Message Contents

Subject:  APPLE-SA-2011-03-02-1 iTunes 10.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-03-02-1 iTunes 10.2

iTunes 10.2 is now available and addresses the following:

ImageIO
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Multiple vulnerabilities in libpng
Description:  libpng is updated to version 1.4.3 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. For Mac OS X v10.5 systems, this is addressed in Security
Update 2010-007. Further information is available via the libpng
website at http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2010-1205
CVE-2010-2249

ImageIO
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted JPEG image may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow issue existed in ImageIO's
handling of JPEG images. Viewing a maliciously crafted JPEG image may
lead to an unexpected application termination or arbitrary code
execution.
CVE-ID
CVE-2011-0170 : Andrzej Dyjak working with iDefense VCP

ImageIO
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted TIFF image may result in an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in libTIFF's handling of JPEG
encoded TIFF images. Viewing a maliciously crafted TIFF image may
result in an unexpected application termination or arbitrary code
execution.
CVE-ID
CVE-2011-0191 : Apple

ImageIO
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted TIFF image may result in an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in libTIFF's handling of
CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF
image may result in an unexpected application termination or
arbitrary code execution.
CVE-ID
CVE-2011-0192 : Apple

libxml
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Processing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description:  A double free issue existed in libxml's handling of
XPath expressions. Processing a maliciously crafted XML file may lead
to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2010-4494 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences

libxml
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Processing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in libxml's XPath
handling. Processing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2010-4008 : Bui Quang Minh from Bkis (www.bkis.com)

WebKit
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  A man-in-the-middle attack may lead to an unexpected
application termination or arbitrary code execution
Description:  Multiple memory corruption issues exist in WebKit. A
man-in-the-middle attack while browsing the iTunes Store via iTunes
may lead to an unexpected application termination or arbitrary code
execution.
CVE-ID
CVE-2010-1824 : kuzzcc, and wushi of team509 working with
TippingPoint's Zero Day Initiative
CVE-2011-0111 : Sergey Glazunov
CVE-2011-0112 : Yuzo Fujishima of Google Inc.
CVE-2011-0113 : Andreas Kling of Nokia
CVE-2011-0114 : Chris Evans of Google Chrome Security Team
CVE-2011-0115 : J23 working with TippingPoint's Zero Day Initiative,
and Emil A Eklund of Google, Inc
CVE-2011-0116 : an anonymous researcher working with TippingPoint's
Zero Day Initiative
CVE-2011-0117 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0118 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0119 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0120 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0121 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0122 : Slawomir Blazek
CVE-2011-0123 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0124 : Yuzo Fujishima of Google Inc.
CVE-2011-0125 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0126 : Mihai Parparita of Google, Inc.
CVE-2011-0127 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0128 : David Bloom
CVE-2011-0129 : Famlam
CVE-2011-0130 : Apple
CVE-2011-0131 : wushi of team509
CVE-2011-0132 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-0133 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-0134 : Jan Tosovsky
CVE-2011-0135 : an anonymous reporter
CVE-2011-0136 : Sergey Glazunov
CVE-2011-0137 : Sergey Glazunov
CVE-2011-0138 : kuzzcc
CVE-2011-0139 : kuzzcc
CVE-2011-0140 : Sergey Glazunov
CVE-2011-0141 : Chris Rohlf of Matasano Security
CVE-2011-0142 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0143 : Slawomir Blazek and Sergey Glazunov
CVE-2011-0144 : Emil A Eklund of Google, Inc.
CVE-2011-0145 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0146 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0147 : Dirk Schulze
CVE-2011-0148 : Michal Zalewski of Google, Inc.
CVE-2011-0149 : wushi of team509 working with TippingPoint's Zero Day
Initiative, and SkyLined of Google Chrome Security Team
CVE-2011-0150 : Michael Gundlach of safariadblock.com
CVE-2011-0151 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0152 : SkyLined of Google Chrome Security Team
CVE-2011-0153 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0154 : an anonymous researcher working with TippingPoint's
Zero Day Initiative
CVE-2011-0155 : Aki Helin of OUSPG
CVE-2011-0156 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0164 : Apple
CVE-2011-0165 : Sergey Glazunov
CVE-2011-0168 : Sergey Glazunov


iTunes 10.2 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes10.2.dmg"
Its SHA-1 digest is: 35da52c03a478d7ff325e67d589e48afd195c9ab

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 1f40939eaca43648e55c137be220fa391bb48c6c

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: efc23fc7d92eb95a1f2588b8a6506d99b726c9ea

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJNbrZ2AAoJEGnF2JsdZQeeIowH/1cW7yQKs7Jz3TAJjOwPkT6M
ETX53z7DBl1CLYYg6QZfbumUWrzj182WT5rKlt8qAhbxsMz4gLJ+TIqaaVn53NLV
c0mq9LN615DhXXsMWsHeINinSky6wZMjlTApocp3PwWQTGZn8rg7qnaUuNC+x2Y2
OxPOsCGyRtbzIq8AZMgJfK2J1Rm1TGQi5s/wSSkDq61R0CVyXHhzMG8L+ChUXDrQ
dKggtQQ8JeJK0kRp/q4kmJLxRBsimH21ame2urUrRKjXvvnqGLqy9pqJG9tbLFp2
1xlBg95tEF38v9wNRAx6gylN2dcGLvmK6+qqyvveenfGqlXd6BWmh4Ut4zHsD/4=
=pvse
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC