Details of VAR-201007-0314

ID

VAR-201007-0314

CVE

CVE-2010-1777

TITLE

Apple iTunes Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2010-001810

DESCRIPTION

Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. Apple iTunes is prone to a remote buffer-overflow vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI. Successful exploits can allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Apple iTunes is a free application available for multiple platforms that plays music and video content, as well as syncs content to iPods and Apple TVs

Trust: 1.98

sources: NVD: CVE-2010-1777 // JVNDB: JVNDB-2010-001810 // BID: 41789 // VULHUB: VHN-44382

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	eq	version:	1.1.2	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.4	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.3	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	2.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	3.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.2	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	1.1.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	1.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	1.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.2	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.2.20	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lte	version:	9.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.72	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1.30	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.9.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.8.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9	Trust: 0.8
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	ne	version:	9.2.1	Trust: 0.3

sources: BID: 41789 // JVNDB: JVNDB-2010-001810 // CNNVD: CNNVD-201007-312 // NVD: CVE-2010-1777

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1777
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-1777
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201007-312
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-44382
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-1777
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-44382
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-44382 // JVNDB: JVNDB-2010-001810 // CNNVD: CNNVD-201007-312 // NVD: CVE-2010-1777

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-44382 // JVNDB: JVNDB-2010-001810 // NVD: CVE-2010-1777

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201007-312

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201007-312

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001810

PATCH

title:	HT4263	url:	http://support.apple.com/kb/HT4263	Trust: 0.8
title:	HT4263	url:	http://support.apple.com/kb/HT4263?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-001810

EXTERNAL IDS

db:	NVD	id:	CVE-2010-1777	Trust: 2.8
db:	JVNDB	id:	JVNDB-2010-001810	Trust: 0.8
db:	CNNVD	id:	CNNVD-201007-312	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2010-07-19-1	Trust: 0.6
db:	NSFOCUS	id:	15452	Trust: 0.6
db:	BID	id:	41789	Trust: 0.4
db:	VULHUB	id:	VHN-44382	Trust: 0.1

sources: VULHUB: VHN-44382 // BID: 41789 // JVNDB: JVNDB-2010-001810 // CNNVD: CNNVD-201007-312 // NVD: CVE-2010-1777

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010//jul/msg00000.html	Trust: 1.7
url:	http://support.apple.com/kb/ht4263	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6988	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1777	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1777	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/15452	Trust: 0.6
url:	http://www.apple.com/itunes/	Trust: 0.3

sources: VULHUB: VHN-44382 // BID: 41789 // JVNDB: JVNDB-2010-001810 // CNNVD: CNNVD-201007-312 // NVD: CVE-2010-1777

CREDITS

Clint Ruoho

Trust: 0.6

sources: CNNVD: CNNVD-201007-312

SOURCES

db:	VULHUB	id:	VHN-44382
db:	BID	id:	41789
db:	JVNDB	id:	JVNDB-2010-001810
db:	CNNVD	id:	CNNVD-201007-312
db:	NVD	id:	CVE-2010-1777

LAST UPDATE DATE

2024-11-23T22:49:52.091000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-44382	date:	2017-09-19T00:00:00
db:	BID	id:	41789	date:	2010-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2010-001810	date:	2010-08-11T00:00:00
db:	CNNVD	id:	CNNVD-201007-312	date:	2010-08-02T00:00:00
db:	NVD	id:	CVE-2010-1777	date:	2024-11-21T01:15:10.763

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-44382	date:	2010-07-30T00:00:00
db:	BID	id:	41789	date:	2010-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2010-001810	date:	2010-08-11T00:00:00
db:	CNNVD	id:	CNNVD-201007-312	date:	2010-07-19T00:00:00
db:	NVD	id:	CVE-2010-1777	date:	2010-07-30T13:26:13.457