[Full-disclosure] !ADVISORY! | x Thu Mar 16 03:00:40 EST 2006 x | Heap Overflow in Apple iTunes
naveedafzal at gmail.com
naveedafzal at gmail.com
Thu Mar 16 08:00:46 GMT 2006
!ADVISORY! | x Thu Mar 16 03:00:40 EST 2006 x | Heap Overflow in Apple iTunes
8==========================D~~~~~~~~~~~~~~~~~
8===D BACKGROUND
8==========================D~~~~~~~~~~~~~~~~~
This problem had no background.
8==========================D~~~~~~~~~~~~~~~~~
8===D DESCRIPTION
8==========================D~~~~~~~~~~~~~~~~~
It is possible to make Apple iTunes crash or run arbitrary code by the use of malformed input.
8==========================D~~~~~~~~~~~~~~~~~
8===D VENDOR RESPONSE
8==========================D~~~~~~~~~~~~~~~~~
Apple iTunes had extended no explanation on the problem at hand.
8==========================D~~~~~~~~~~~~~~~~~
8===D CVE INFORMATION
8==========================D~~~~~~~~~~~~~~~~~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-258518 to this issue
8==========================D~~~~~~~~~~~~~~~~~
APPENDIX A VENDOR INFORMATION
8==========================D~~~~~~~~~~~~~~~~~
http://www.apple.com/itunes/
8==========================D~~~~~~~~~~~~~~~~~
CONTACT
8==========================D~~~~~~~~~~~~~~~~~
naveed naveedafzal at gmail.com
GSAE CEH CSFA SSP-CNSA GWAS SSCP
Full-Disclosure is hosted and sponsored by Secunia.