Details of VAR-201206-0336

ID

VAR-201206-0336

CVE

CVE-2012-0677

TITLE

Apple iTunes Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-002670

DESCRIPTION

Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. Apple iTunes is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. iTunes is a free application for your Mac or PC. It lets you organize and play digital music and video on your computer. It can automatically download new music, app, and book purchases across all your devices and computers. And it’s a store that has everything you need to be entertained. Anywhere. a specially crafted .M3U file. Successful exploitation could allow execution of arbitrary code on the affected node. -------------------------------------------------------------------------------- <code> (940.fc0): Access violation - code c0000005 (!!! second chance !!!) eax=41414141 ebx=08508cd8 ecx=41414141 edx=052a6528 esi=052a64b0 edi=0559ef20 eip=41414141 esp=0012d8e8 ebp=7c90ff2d iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206 <unloaded_card.dll>+0x41414130: 41414141 ?? ??? ~~~ (6b0.a04): Access violation - code c0000005 (!!! second chance !!!) eax=41414141 ebx=00000000 ecx=00000014 edx=41414141 esi=41414141 edi=0187e10d eip=0187deec esp=0b0cfcd0 ebp=0b0cfcf0 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206 Defaulted to export symbols for C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - CoreFoundation!CFWriteStreamCreateWithAllocatedBuffers+0x40: 0187deec 8b00 mov eax,dword ptr [eax] ds:0023:41414141=???????? </unloaded_card.dll></code> -------------------------------------------------------------------------------- Tested on: Microsoft Windows XP Professional SP3 EN (32bit)Microsoft Windows 7 Ultimate SP1 EN (64bit). Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-06-11-1 iTunes 10.6.3 iTunes 10.6.3 is now available and addresses the following: iTunes Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later Impact: Importing a maliciously crafted .m3u playlist may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of .m3u playlists. CVE-ID CVE-2012-0677 : Gjoko Krstic of Zero Science Lab WebKit Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in WebKit. CVE-ID CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team iTunes 10.6.3 may be obtained from: http://www.apple.com/itunes/download/ For Mac OS X: The download file is named: "iTunes10.6.3.dmg" Its SHA-1 digest is: e673e5cbd2955130efbc92a788fff178e66bd155 For Windows XP / Vista / Windows 7: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: 2618f701f1d1a853e33138a57bec193bcd08438e For 64-bit Windows XP / Vista / Windows 7: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: 3806af762a066fde3d7e83f86a429ae40175561e Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJP1iVwAAoJEPefwLHPlZEwwCwQAK3GHSCBWGFlkIdf5A14STjH 418W8jBN7fYpZL04wnBxFC4n6r9213/TAIq+FBQAUpS1Q4442qWbJ7DUPCU34+aC 1nhRhL6vXCrfsIqZB7YdsGIrcSw3iAKpyszCyDfE6l4oqwQuGzeUsZ89ZTxvKMLw QYelU0izAJHcBKDJ+GiQCSZjoYgOha9dW1rDE50EIc274SoyZqHBV1hs2fSkslMq GWKgg3KGSt1QGf9dX9bE2Zgb6QYVXTr092/VuIvAP6GUn5ltMJ4Qu1+GUhzQXykj 6Av3gtrwoWHg7iG3X66+A3XQ6oIjKHTplA8LDC5a3g1bcECaJI/QDxfC4xIyIqhT HUJPy1FH6cFKTVGEF7h4HvcQKjpbt20UuCE4a9Om8PPw2P/iaBNnS+jV5AQ/RVwL nfhxNQkNg0rYmFfUFjNWajjK+YWgjTN/Ny3Ba4hTl66PV5OSHtkQtIJtDTJcAxP0 7hX/CaEU9TnJl5HKmlhNv1PvqMmM951N39ODbf+zG23yVw+2hmE1SWDcJxAAv1LD sCMFh5vesPb/7Bvbc1Qi23lX27gjYA3bzPnwREdEQ+9nyiKbwFAvIZ5KwszIdmlR qIlGpIvpQOJYEC3aVq7tDlABkwF7pBaAGOQqYpP8O+iM7kJNDGCVaGWEL2OuVHjY bGLlmB3ueonyCP+g94nH =IxYx -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Apple iTunes Two Vulnerabilities SECUNIA ADVISORY ID: SA49489 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49489/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49489 RELEASE DATE: 2012-06-12 DISCUSS ADVISORY: http://secunia.com/advisories/49489/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49489/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49489 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has reported two vulnerabilities in Apple iTunes, which can be exploited by malicious people to compromise a user's system. 2) A vulnerability is caused due to a bundled vulnerable version of WebKit. For more information see vulnerability #3 in: SA48454 NOTE: This vulnerability does not affect the application on OS X Lion systems. SOLUTION: Update to version 10.6.3. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Gjoko Krstic, Zero Science Lab. 2) Adam Barth and Abhishek Arya, Google Chrome Security Team. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5318 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.25

sources: NVD: CVE-2012-0677 // JVNDB: JVNDB-2012-002670 // BID: 53933 // ZSL: ZSL-2012-5093 // VULHUB: VHN-53958 // PACKETSTORM: 113566 // PACKETSTORM: 113591

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 1.9
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 1.9
vendor:	apple	model:	itunes	scope:	eq	version:	10.0.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.3.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1.42	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.2	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.0.80	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2.12	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lte	version:	10.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1.10	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	10.6.3	Trust: 0.8
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1.7 and 10.6.0.40	Trust: 0.1

sources: ZSL: ZSL-2012-5093 // BID: 53933 // JVNDB: JVNDB-2012-002670 // CNNVD: CNNVD-201206-154 // NVD: CVE-2012-0677

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-0677
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-0677
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201206-154
value:	CRITICAL
Trust: 0.6
ZSL:	ZSL-2012-5093
value:	(4/5)
Trust: 0.1
VULHUB:	VHN-53958
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-0677
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-53958
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZSL: ZSL-2012-5093 // VULHUB: VHN-53958 // JVNDB: JVNDB-2012-002670 // CNNVD: CNNVD-201206-154 // NVD: CVE-2012-0677

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-53958 // JVNDB: JVNDB-2012-002670 // NVD: CVE-2012-0677

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201206-154

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201206-154

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002670

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2012-5093 // VULHUB: VHN-53958

PATCH

title:

HT5318

url:

http://support.apple.com/kb/HT5318

Trust: 0.8

sources: JVNDB: JVNDB-2012-002670

EXTERNAL IDS

db:	NVD	id:	CVE-2012-0677	Trust: 2.9
db:	SECUNIA	id:	49489	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-002670	Trust: 0.8
db:	NSFOCUS	id:	19773	Trust: 0.7
db:	CNNVD	id:	CNNVD-201206-154	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-06-11-1	Trust: 0.6
db:	BID	id:	53933	Trust: 0.5
db:	PACKETSTORM	id:	113566	Trust: 0.3
db:	PACKETSTORM	id:	113555	Trust: 0.2
db:	EXPLOIT-DB	id:	19098	Trust: 0.2
db:	OSVDB	id:	82897	Trust: 0.1
db:	VULDB	id:	5552	Trust: 0.1
db:	CXSECURITY	id:	WLB-2012060148	Trust: 0.1
db:	SECTRACK	id:	1027142	Trust: 0.1
db:	ZSL	id:	ZSL-2012-5093	Trust: 0.1
db:	SEEBUG	id:	SSVID-73064	Trust: 0.1
db:	SEEBUG	id:	SSVID-73321	Trust: 0.1
db:	EXPLOIT-DB	id:	19387	Trust: 0.1
db:	VULHUB	id:	VHN-53958	Trust: 0.1
db:	PACKETSTORM	id:	113591	Trust: 0.1

sources: ZSL: ZSL-2012-5093 // VULHUB: VHN-53958 // BID: 53933 // JVNDB: JVNDB-2012-002670 // PACKETSTORM: 113566 // PACKETSTORM: 113591 // CNNVD: CNNVD-201206-154 // NVD: CVE-2012-0677

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/jun/msg00000.html	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17016	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0677	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu626251	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0677	Trust: 0.8
url:	http://secunia.com/advisories/49489	Trust: 0.7
url:	http://www.nsfocus.net/vulndb/19773	Trust: 0.7
url:	http://support.apple.com/kb/ht5318	Trust: 0.2
url:	http://support.apple.com/kb/ht1222	Trust: 0.2
url:	http://www.apple.com/itunes/download	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0677	Trust: 0.1
url:	https://isc.sans.edu/diary/apple+itunes+security+update/13435	Trust: 0.1
url:	http://cxsecurity.com/issue/wlb-2012060148	Trust: 0.1
url:	http://www.exploit-db.com/exploits/19098/	Trust: 0.1
url:	http://packetstormsecurity.org/files/113555	Trust: 0.1
url:	http://packetstormsecurity.org/files/113566	Trust: 0.1
url:	http://www.securelist.com/en/advisories/49489	Trust: 0.1
url:	http://www.securitytracker.com/id/1027142	Trust: 0.1
url:	http://osvdb.org/show/osvdb/82897	Trust: 0.1
url:	http://www.scmagazine.com.au/news/304973,booby-trapped-playlist-pwns-itunes.aspx	Trust: 0.1
url:	http://www.crn.com.au/news/304998,booby-trapped-playlist-hits-itunes.aspx	Trust: 0.1
url:	http://lists.virus.org/apple-security-1206/msg00000.html	Trust: 0.1
url:	http://www.camcert.gov.kh/?p=1201	Trust: 0.1
url:	http://securityvulns.com/docs28127.html	Trust: 0.1
url:	http://www.net-security.org/advisory.php?id=14441	Trust: 0.1
url:	http://archives.neohapsis.com/archives/bugtraq/2012-06/0051.html	Trust: 0.1
url:	https://www.cert.be/pro/node/12532	Trust: 0.1
url:	http://sylvar.tumblr.com/post/25087980360/apple-itunes-10-6-1-7-m3u-playlist-file-walking	Trust: 0.1
url:	http://www.securityfocus.com/bid/53933	Trust: 0.1
url:	http://www.nessus.org/plugins/index.php?view=single&id=59497	Trust: 0.1
url:	http://www.nessus.org/plugins/index.php?view=single&id=59498	Trust: 0.1
url:	http://www.nessus.org/plugins/index.php?view=single&id=59499	Trust: 0.1
url:	http://www.scmagazine.com/itunes-vulnerability-may-enable-remote-code-execution/article/246207/	Trust: 0.1
url:	http://www.informationweek.com/aroundtheweb/security/itunes-vulnerability-may-enable-remote-c/704d55486d51544d524931735147714b49364f5558773d3d	Trust: 0.1
url:	http://www.msnbc.msn.com/id/47876553/ns/technology_and_science-security/	Trust: 0.1
url:	http://www.libertas.mk/vest/28065/makedonski-it-ekspert-otkri-opasen-bezbednosen-defekt-vo-itjuns	Trust: 0.1
url:	http://www.scip.ch/en/?vuldb.5552	Trust: 0.1
url:	http://www.infosecurity-magazine.com/view/26492/researcher-publishes-proofofconcept-exploit-for-itunes/	Trust: 0.1
url:	http://www.intego.com/mac-security-blog/time-to-update-itunes/	Trust: 0.1
url:	http://tif.mcafee.com/threats/3500	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-0672	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-0677	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	http://www.apple.com/itunes/download/	Trust: 0.1
url:	http://gpgtools.org	Trust: 0.1
url:	http://secunia.com/psi_30_beta_launch	Trust: 0.1
url:	http://secunia.com/advisories/49489/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=49489	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/49489/#comments	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: ZSL: ZSL-2012-5093 // VULHUB: VHN-53958 // JVNDB: JVNDB-2012-002670 // PACKETSTORM: 113566 // PACKETSTORM: 113591 // CNNVD: CNNVD-201206-154 // NVD: CVE-2012-0677

CREDITS

Gjoko Krstic of Zero Science Lab

Trust: 0.3

sources: BID: 53933

SOURCES

db:	ZSL	id:	ZSL-2012-5093
db:	VULHUB	id:	VHN-53958
db:	BID	id:	53933
db:	JVNDB	id:	JVNDB-2012-002670
db:	PACKETSTORM	id:	113566
db:	PACKETSTORM	id:	113591
db:	CNNVD	id:	CNNVD-201206-154
db:	NVD	id:	CVE-2012-0677

LAST UPDATE DATE

2024-11-23T21:06:54.500000+00:00

SOURCES UPDATE DATE

db:	ZSL	id:	ZSL-2012-5093	date:	2015-06-01T00:00:00
db:	VULHUB	id:	VHN-53958	date:	2017-09-19T00:00:00
db:	BID	id:	53933	date:	2012-06-17T00:01:00
db:	JVNDB	id:	JVNDB-2012-002670	date:	2012-06-14T00:00:00
db:	CNNVD	id:	CNNVD-201206-154	date:	2012-06-14T00:00:00
db:	NVD	id:	CVE-2012-0677	date:	2024-11-21T01:35:31.127

SOURCES RELEASE DATE

db:	ZSL	id:	ZSL-2012-5093	date:	2012-06-12T00:00:00
db:	VULHUB	id:	VHN-53958	date:	2012-06-12T00:00:00
db:	BID	id:	53933	date:	2012-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2012-002670	date:	2012-06-14T00:00:00
db:	PACKETSTORM	id:	113566	date:	2012-06-12T22:20:34
db:	PACKETSTORM	id:	113591	date:	2012-06-13T02:54:15
db:	CNNVD	id:	CNNVD-201206-154	date:	2012-06-13T00:00:00
db:	NVD	id:	CVE-2012-0677	date:	2012-06-12T14:55:01.250