Sign-up

ID

VAR-200606-0398


CVE

CVE-2006-1467


TITLE

Apple iTunes AAC File Parsing Integer Overflow Vulnerability

Trust: 1.6

sources: ZDI: ZDI-06-020 // BID: 18730 // CNNVD: CNNVD-200606-599

DESCRIPTION

Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. Apple iTunes does not properly parse AAC files. This vulnerability may allow a remote attacker to execute arbitrary code. Exploitation requires an attacker to convince a target user into opening a malicious play list file.The specific flaw exists during the processing of malicious AAC media files such as those with extensions .M4A and .M4P. During the parsing of the sample table size atom (STSZ), a malformed 'sample_size_table' value can trigger an integer overflow leading to an exploitable memory corruption. iTunes is prone to an integer-overflow vulnerability. This may help the attacker gain unauthorized access or escalate privileges. Apple iTunes is a media player program. ZDI-06-020: Apple iTunes AAC File Parsing Integer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-020.html June 29, 2006 -- CVE ID: CVE-2006-1467 -- Affected Vendor: Apple -- Affected Products: iTunes -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since April 3, 2006 by Digital Vaccine protection filter ID 4282. -- Vendor Response: Apple has addressed this issue in the latest release of iTunes, version 6.0.5. More information is available from the vendor web site at: http://docs.info.apple.com/article.html?artnum=303952 -- Disclosure Timeline: 2006.04.03 - Digital Vaccine released to TippingPoint customers 2006.04.07 - Vulnerability reported to vendor 2006.06.29 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by ATmaCA. -- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product

Trust: 2.7

sources: NVD: CVE-2006-1467 // CERT/CC: VU#907836 // ZDI: ZDI-06-020 // BID: 18730 // VULHUB: VHN-17575 // PACKETSTORM: 47931

AFFECTED PRODUCTS

vendor:applemodel:itunesscope:lteversion:6.0.4

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.4

Trust: 0.9

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:itunesscope: - version: -

Trust: 0.7

vendor:esignalmodel:esignalscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.2.72

Trust: 0.3

vendor:applemodel:itunesscope:neversion:6.0.5

Trust: 0.3

sources: CERT/CC: VU#907836 // ZDI: ZDI-06-020 // BID: 18730 // CNNVD: CNNVD-200606-599 // NVD: CVE-2006-1467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-1467
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#907836
value: 11.73

Trust: 0.8

CNNVD: CNNVD-200606-599
value: MEDIUM

Trust: 0.6

VULHUB: VHN-17575
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-1467
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-17575
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#907836 // VULHUB: VHN-17575 // CNNVD: CNNVD-200606-599 // NVD: CVE-2006-1467

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.1

sources: VULHUB: VHN-17575 // NVD: CVE-2006-1467

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200606-599

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200606-599

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-17575

PATCH
title:Apple has issued an update to correct this vulnerability.url:http://docs.info.apple.com/article.html?artnum=303952
Trust: 0.7
sources:
            
            
            ZDI: ZDI-06-020

EXTERNAL IDS
db:ZDIid:ZDI-06-020
Trust: 3.3
db:NVDid:CVE-2006-1467
Trust: 2.8
db:SECUNIAid:20891
Trust: 2.5
db:CERT/CCid:VU#907836
Trust: 2.5
db:BIDid:18730
Trust: 2.0
db:SECTRACKid:1016413
Trust: 1.7
db:VUPENid:ADV-2006-2601
Trust: 1.7
db:ZDI_CANid:ZDI-CAN-043
Trust: 0.7
db:CNNVDid:CNNVD-200606-599
Trust: 0.7
db:XFid:27481
Trust: 0.6
db:APPLEid:APPLE-SA-2006-06-29
Trust: 0.6
db:BUGTRAQid:20060630 ZDI-06-020: APPLE ITUNES AAC FILE PARSING INTEGER OVERFLOW VULNERABILITY
Trust: 0.6
db:PACKETSTORMid:47931
Trust: 0.2
db:VULHUBid:VHN-17575
Trust: 0.1
sources:
            
            
            CERT/CC: VU#907836 // 
            
            
            
            ZDI: ZDI-06-020 // 
            
            
            
            VULHUB: VHN-17575 // 
            
            
            
            BID: 18730 // 
            
            
            
            PACKETSTORM: 47931 // 
            
            
            
            CNNVD: CNNVD-200606-599 // 
            
            
            
            NVD: CVE-2006-1467

REFERENCES
url:http://docs.info.apple.com/article.html?artnum=303952
Trust: 3.3
url:http://www.zerodayinitiative.com/advisories/zdi-06-020.html
Trust: 1.8
url:http://www.securityfocus.com/bid/18730
Trust: 1.7
url:http://www.kb.cert.org/vuls/id/907836
Trust: 1.7
url:http://securitytracker.com/id?1016413
Trust: 1.7
url:http://secunia.com/advisories/20891
Trust: 1.7
url:http://www.securityfocus.com/archive/1/438812/100/0/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2006/2601
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27481
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-06-020.html 
Trust: 0.8
url:http://secunia.com/advisories/20891/
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/27481
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/438812/100/0/threaded
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/2601
Trust: 0.6
url:http://www.apple.com/support/downloads/
Trust: 0.3
url:http://www.apple.com/itunes/
Trust: 0.3
url:/archive/1/438812
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2006-1467
Trust: 0.1
url:http://www.tippingpoint.com
Trust: 0.1
url:http://www.zerodayinitiative.com
Trust: 0.1
sources:
            
            
            CERT/CC: VU#907836 // 
            
            
            
            ZDI: ZDI-06-020 // 
            
            
            
            VULHUB: VHN-17575 // 
            
            
            
            BID: 18730 // 
            
            
            
            PACKETSTORM: 47931 // 
            
            
            
            CNNVD: CNNVD-200606-599 // 
            
            
            
            NVD: CVE-2006-1467

CREDITS
ATmaCA
Trust: 0.7
sources:
            
            
            ZDI: ZDI-06-020

SOURCES
db:CERT/CCid:VU#907836
db:ZDIid:ZDI-06-020
db:VULHUBid:VHN-17575
db:BIDid:18730
db:PACKETSTORMid:47931
db:CNNVDid:CNNVD-200606-599
db:NVDid:CVE-2006-1467

LAST UPDATE DATE
2024-08-14T14:29:12.320000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#907836date:2006-06-30T00:00:00
db:ZDIid:ZDI-06-020date:2006-06-29T00:00:00
db:VULHUBid:VHN-17575date:2018-10-18T00:00:00
db:BIDid:18730date:2006-06-30T21:09:00
db:CNNVDid:CNNVD-200606-599date:2006-08-28T00:00:00
db:NVDid:CVE-2006-1467date:2018-10-18T16:32:41.763

SOURCES RELEASE DATE
db:CERT/CCid:VU#907836date:2006-06-30T00:00:00
db:ZDIid:ZDI-06-020date:2006-06-29T00:00:00
db:VULHUBid:VHN-17575date:2006-06-29T00:00:00
db:BIDid:18730date:2006-06-29T00:00:00
db:PACKETSTORMid:47931date:2006-07-02T09:03:54
db:CNNVDid:CNNVD-200606-599date:2006-06-29T00:00:00
db:NVDid:CVE-2006-1467date:2006-06-29T23:05:00