ID

VAR-200709-0141


CVE

CVE-2007-3752


TITLE

Apple iTunes Vulnerable to buffer overflow in handling music files

Trust: 0.8

sources: JVNDB: JVNDB-2007-000676

DESCRIPTION

Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file. Apple iTunes is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects versions prior to iTunes 7.4. Apple iTunes is a media player program. This overflow can be triggered if a user is tricked into opening a malicious music file, causing the player to terminate unexpectedly or execute arbitrary code.

TITLE: Apple iTunes Music File Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA26725
VERIFY ADVISORY: http://secunia.com/advisories/26725/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE: From remote
SOFTWARE:
iTunes 7.x http://secunia.com/product/12131/
iTunes 6.x http://secunia.com/product/5882/
iTunes 5.x http://secunia.com/product/7864/
iTunes 4.x http://secunia.com/product/2916/
DESCRIPTION: A vulnerability has been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified boundary error when processing album cover art. This can be exploited to cause a buffer overflow via a specially crafted music file. Successful exploitation may allow execution of arbitrary code.
SOLUTION: Update to version 7.4.
iTunes 7.4 for Mac: http://www.apple.com/support/downloads/itunes74formac.html
iTunes 7.4 for Windows: http://www.apple.com/support/downloads/itunes74forwindows.html
PROVIDED AND/OR DISCOVERED BY: The vendor credits David Thiel, iSEC Partners
ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=306404

Trust: 2.07

sources: NVD: CVE-2007-3752 // JVNDB: JVNDB-2007-000676 // BID: 25567 // VULHUB: VHN-27114 // PACKETSTORM: 59115

AFFECTED PRODUCTS

vendor: apple, model: itunes, scope: lte, version: 7.3.2

Trust: 1.0

vendor: apple, model: itunes, scope: eq, version: 7.3.2

Trust: 0.9

vendor: apple, model: itunes, scope: eq, version: 7.4

Trust: 0.8

vendor: esignal, model: esignal, scope: eq, version: 6.0.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 7.3.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 7.3

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 7.0.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 6.0.5

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 6.0.4

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 6.0.3

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 6.0.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 6.0

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 5.0

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 4.8

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 4.7.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 4.7

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 4.6

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 4.5

Trust: 0.3

vendor: apple, model: itunes, scope: ne, version: 7.4

Trust: 0.3

sources: BID: 25567 // JVNDB: JVNDB-2007-000676 // CNNVD: CNNVD-200709-063 // NVD: CVE-2007-3752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3752
value: HIGH

Trust: 1.0

NVD: CVE-2007-3752
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200709-063
value: CRITICAL

Trust: 0.6

VULHUB: VHN-27114
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-3752
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2007-3752
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-27114
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27114 // JVNDB: JVNDB-2007-000676 // CNNVD: CNNVD-200709-063 // NVD: CVE-2007-3752

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-27114 // JVNDB: JVNDB-2007-000676 // NVD: CVE-2007-3752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-063

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200709-063

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000676

PATCH

title: iTunes 7.4.1 for Mac, url: http://www.apple.com/support/downloads/itunes741formac.html

Trust: 0.8

title: iTunes 7.4.1 for Windows, url: http://www.apple.com/support/downloads/itunes741forwindows.html

Trust: 0.8

title: About the security content of iTunes 7.4, url: http://docs.info.apple.com/article.html?artnum=306404-en

Trust: 0.8

title: About the security content of iTunes 7.4, url: http://docs.info.apple.com/article.html?artnum=306404-ja

Trust: 0.8

title: iTunes 7.4.1 for Mac, url: http://www.apple.com/jp/ftp-info/reference/itunes741formac.html

Trust: 0.8

title: iTunes 7.4.1 for Windows, url: http://www.apple.com/jp/ftp-info/reference/itunes741forwindows.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-000676

EXTERNAL IDS

db: BID, id: 25567

Trust: 2.8

db: NVD, id: CVE-2007-3752

Trust: 2.8

db: SECUNIA, id: 26725

Trust: 2.6

db: SECTRACK, id: 1018658

Trust: 2.5

db: VUPEN, id: ADV-2007-3073

Trust: 1.7

db: OSVDB, id: 38528

Trust: 1.7

db: JVNDB, id: JVNDB-2007-000676

Trust: 0.8

db: XF, id: 36485

Trust: 0.6

db: BUGTRAQ, id: 20070906 ITUNES 7.3.X - HEAP OVERFLOW IN ALBUM COVER PARSING

Trust: 0.6

db: APPLE, id: APPLE-SA-2007-09-06

Trust: 0.6

db: CNNVD, id: CNNVD-200709-063

Trust: 0.6

db: VULHUB, id: VHN-27114

Trust: 0.1

db: PACKETSTORM, id: 59115

Trust: 0.1

sources: VULHUB: VHN-27114 // BID: 25567 // JVNDB: JVNDB-2007-000676 // PACKETSTORM: 59115 // CNNVD: CNNVD-200709-063 // NVD: CVE-2007-3752

REFERENCES

url:http://www.securityfocus.com/bid/25567

Trust: 2.5

url:http://www.securitytracker.com/id?1018658

Trust: 2.5

url:http://secunia.com/advisories/26725

Trust: 2.5

url:http://docs.info.apple.com/article.html?artnum=306404

Trust: 2.1

url:http://lists.apple.com/archives/security-announce/2007/sep/msg00000.html

Trust: 1.7

url:https://www.isecpartners.com/advisories/2007-005-itunes.txt

Trust: 1.7

url:http://osvdb.org/38528

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2007/3073

Trust: 1.4

url:http://www.securityfocus.com/archive/1/478750/100/0/threaded

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17303

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/3073

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/36485

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3752

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3752

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/36485

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/478750/100/0/threaded

Trust: 0.6

url:http://www.apple.com/itunes/

Trust: 0.3

url:/archive/1/478750

Trust: 0.3

url:http://secunia.com/product/2916/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://www.apple.com/support/downloads/itunes74forwindows.html

Trust: 0.1

url:http://secunia.com/advisories/26725/

Trust: 0.1

url:http://secunia.com/product/5882/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/12131/

Trust: 0.1

url:http://www.apple.com/support/downloads/itunes74formac.html

Trust: 0.1

url:http://secunia.com/product/7864/

Trust: 0.1

sources: VULHUB: VHN-27114 // BID: 25567 // JVNDB: JVNDB-2007-000676 // PACKETSTORM: 59115 // CNNVD: CNNVD-200709-063 // NVD: CVE-2007-3752

CREDITS

David Thiel; lx@redundancy.redundancy.org

Trust: 0.6

sources: CNNVD: CNNVD-200709-063

SOURCES

db: VULHUB, id: VHN-27114
db: BID, id: 25567
db: JVNDB, id: JVNDB-2007-000676
db: PACKETSTORM, id: 59115
db: CNNVD, id: CNNVD-200709-063
db: NVD, id: CVE-2007-3752

LAST UPDATE DATE

2025-04-10T23:15:51.819000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-27114, date: 2018-10-15T00:00:00
db: BID, id: 25567, date: 2007-09-07T21:51:00
db: JVNDB, id: JVNDB-2007-000676, date: 2007-09-14T00:00:00
db: CNNVD, id: CNNVD-200709-063, date: 2009-02-05T00:00:00
db: NVD, id: CVE-2007-3752, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-27114, date: 2007-09-06T00:00:00
db: BID, id: 25567, date: 2007-09-05T00:00:00
db: JVNDB, id: JVNDB-2007-000676, date: 2007-09-14T00:00:00
db: PACKETSTORM, id: 59115, date: 2007-09-07T06:01:27
db: CNNVD, id: CNNVD-200709-063, date: 2007-09-06T00:00:00
db: NVD, id: CVE-2007-3752, date: 2007-09-06T21:17:00