SecurityTracker.com
SecurityTracker Archives

Category:   Application (Multimedia)  >   Apple iTunes
Vendors:   Apple
Apple iTunes MPEG4 Buffer Overflow May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013927
SecurityTracker URL:  http://securitytracker.com/id/1013927
CVE Reference:   CVE-2005-1248
Date:  May 9 2005
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.7 and prior versions
Description:   A vulnerability was reported in Apple iTunes. A remote user can cause denial of service conditions and may be able to execute arbitrary code.

A remote user can create a specially crafted MPEG4 file that, when loaded by the target user with iTunes, will trigger a buffer overflow and crash or potentially execute arbitrary code. The code will run with the privileges of the target user.

The vendor credits Mark Litchfield of NGS Software with reporting this vulnerability.

Impact:   A remote user can cause the iTunes player to crash or to execute arbitrary code with the privileges of the target user.
Solution:   The vendor has released a fixed version (4.8), available for Mac OS X v10.2.8 or later, Microsoft Windows XP, and Microsoft Windows 2000 at:

http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes4.8.dmg"
Its SHA-1 digest is: 5a86f278f9f83192a7789ad123d5d62f67a6a316

For Windows 2000 or XP:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 12582d193b27991c8f069331ab12d107c569bde2

Vendor URL:  www.apple.com/support/security/security_updates.html
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X), Windows (2000), Windows (XP)

Message History:   None.


Source Message Contents

Subject:  APPLE-SA-2005-05-09 iTunes 4.8


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-05-09 iTunes 4.8

iTunes 4.8 is now available and, among other enhancements, delivers
the following security improvement:

CVE-ID:  CAN-2005-1248

Impact:  A buffer overflow in iTunes could cause a denial of service
and lead to execution of arbitrary code

Description:  The MPEG4 file parsing code in iTunes versions prior to
4.8 contains a buffer overflow vulnerability.  Parsing a
maliciously-crafted MPEG4 file could cause iTunes to terminate or
potentially execute arbitrary code.  iTunes 4.8 addresses this issue
by improving the validation checks used when loading MPEG4 files.
Credit to Mark Litchfield of NGS Software for reporting this issue.

iTunes 4.8 is freely available at
http://www.apple.com/itunes/download/ for Mac OS X v10.2.8 or later,
Microsoft Windows XP, and Microsoft Windows 2000.

For Mac OS X:
The download file is named:  "iTunes4.8.dmg"
Its SHA-1 digest is:  5a86f278f9f83192a7789ad123d5d62f67a6a316

For Windows 2000 or XP:
The download file is named:  "iTunesSetup.exe"
Its SHA-1 digest is:  12582d193b27991c8f069331ab12d107c569bde2

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQn+6yYHaV5ucd/HdAQLYzQf/SDN1AnjwypPbB7UuNOeR3PnBSNyV+Z1k
L+EwCmtafm1tx2G8m8wAX0WYJ+k79cFSxfA7A8LzVGcZwN7uYjf7JT7YDmOHiMGB
rJFKakNmP5iSfRObSKXylfUkjBMhriiQyYzBrsbtIPjHo/HhD3UCcKcOX0/ghFJn
WPow+OatAPQWMV2ieyEDL1Yxr42SknmZrCEndrGDisPiT204R5SV38vAF4PDafbm
0/fB24UW2TPfAa/Ga50hO3IGEusAeeCRl/VJFI9bOmDcHLAAajNh9zWODZ/3j49S
nbiuGlzyf23lI2mdmSZ743DxeuojIahM9wpotpWdqKMTyej4/DkbkA==
=T7Wp
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)


Copyright 2021, SecurityGlobal.net LLC