Sign-up

ID

VAR-200906-0059


CVE

CVE-2009-0950


TITLE

Apple iTunes Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2009-001719

DESCRIPTION

Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon. Apple iTunes is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks before copying user-supplied data to an insufficiently sized buffer. Attackers can leverage this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attacks will likely cause denial-of-service conditions. Apple iTunes is a media player program. TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities http://dvlabs.tippingpoint.com/advisory/TPTI-09-03 June 2, 2009 -- CVE ID: CVE-2009-0950 -- Affected Vendors: Apple -- Affected Products: Apple iTunes -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the URL handlers associated with iTunes. When processing URLs via the protocol handlers "itms", "itmss", "daap", "pcast", and "itpc" an exploitable stack overflow occurs. Successful exploitation can lead to a remote system compromise under the credentials of the currently logged in user. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT3592 -- Disclosure Timeline: 2009-04-09 - Vulnerability reported to vendor 2009-06-02 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * James King, TippingPoint DVLabs . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iTunes "itms" URI Handling Buffer Overflow SECUNIA ADVISORY ID: SA35314 VERIFY ADVISORY: http://secunia.com/advisories/35314/ DESCRIPTION: A vulnerability has been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system. Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 8.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Will Drewry. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3592 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2009-0950 // JVNDB: JVNDB-2009-001719 // BID: 35157 // VULHUB: VHN-38396 // PACKETSTORM: 78026 // PACKETSTORM: 77984

AFFECTED PRODUCTS

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 1.9

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 1.9

vendor:applemodel:itunesscope:eqversion:8.0.1

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:8.0.2

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:7.3.2

Trust: 1.3

vendor:applemodel:itunesscope:eqversion:7.3.1

Trust: 1.3

vendor:applemodel:itunesscope:eqversion:7.0.2

Trust: 1.3

vendor:applemodel:itunesscope:eqversion:7.4

Trust: 1.3

vendor:applemodel:itunesscope:eqversion:4.9.0

Trust: 1.0

vendor:applemodel:itunesscope:lteversion:8.1.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:5.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.7

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.5

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.7.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.6

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.7.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.1.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:2.0.4

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.2.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.4.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.0.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:5.0.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.8.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.1.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.7

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.5

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.0.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.6.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.0.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.7.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.5.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.4.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.3

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.6

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.4

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.1.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:2.0.3

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.6.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.6.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.5.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.2.72

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.4.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.7.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.7.1.30

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.6.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.5

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.8

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.3.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.4.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.2.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.9

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:1.1.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.4.3

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:8.0.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.7.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:5.0.0

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:8.2

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:8.1.1

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:applemodel:itunesscope:neversion:8.2

Trust: 0.3

sources: BID: 35157 // JVNDB: JVNDB-2009-001719 // CNNVD: CNNVD-200906-026 // NVD: CVE-2009-0950

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0950
value: HIGH

Trust: 1.0

NVD: CVE-2009-0950
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200906-026
value: CRITICAL

Trust: 0.6

VULHUB: VHN-38396
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-0950
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-38396
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-38396 // JVNDB: JVNDB-2009-001719 // CNNVD: CNNVD-200906-026 // NVD: CVE-2009-0950

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-38396 // JVNDB: JVNDB-2009-001719 // NVD: CVE-2009-0950

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 78026 // CNNVD: CNNVD-200906-026

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200906-026

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-001719

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-38396

PATCH
title:HT3592url:http://support.apple.com/kb/HT3592
Trust: 0.8
title:HT3592url:http://support.apple.com/kb/HT3592?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-001719

EXTERNAL IDS
db:NVDid:CVE-2009-0950
Trust: 2.9
db:BIDid:35157
Trust: 2.8
db:SECUNIAid:35314
Trust: 2.6
db:VUPENid:ADV-2009-1470
Trust: 2.5
db:OSVDBid:54833
Trust: 2.5
db:SECTRACKid:1022313
Trust: 2.5
db:EXPLOIT-DBid:8861
Trust: 1.7
db:EXPLOIT-DBid:8934
Trust: 1.7
db:XFid:50899
Trust: 1.4
db:JVNDBid:JVNDB-2009-001719
Trust: 0.8
db:MILW0RMid:8861
Trust: 0.6
db:MILW0RMid:8934
Trust: 0.6
db:BUGTRAQid:20090602 RE: TPTI-09-03: APPLE ITUNES MULTIPLE PROTOCOL HANDLER BUFFER OVERFLOW VULNERABILITIES
Trust: 0.6
db:APPLEid:APPLE-SA-2009-06-01-2
Trust: 0.6
db:CNNVDid:CNNVD-200906-026
Trust: 0.6
db:PACKETSTORMid:78026
Trust: 0.2
db:EXPLOIT-DBid:16296
Trust: 0.1
db:EXPLOIT-DBid:11138
Trust: 0.1
db:SEEBUGid:SSVID-67488
Trust: 0.1
db:SEEBUGid:SSVID-70814
Trust: 0.1
db:PACKETSTORMid:85134
Trust: 0.1
db:PACKETSTORMid:84531
Trust: 0.1
db:PACKETSTORMid:78301
Trust: 0.1
db:VULHUBid:VHN-38396
Trust: 0.1
db:PACKETSTORMid:77984
Trust: 0.1
sources:
            
            
            VULHUB: VHN-38396 // 
            
            
            
            BID: 35157 // 
            
            
            
            JVNDB: JVNDB-2009-001719 // 
            
            
            
            PACKETSTORM: 78026 // 
            
            
            
            PACKETSTORM: 77984 // 
            
            
            
            CNNVD: CNNVD-200906-026 // 
            
            
            
            NVD: CVE-2009-0950

REFERENCES
url:http://www.securityfocus.com/bid/35157
Trust: 2.5
url:http://osvdb.org/54833
Trust: 2.5
url:http://www.securitytracker.com/id?1022313
Trust: 2.5
url:http://secunia.com/advisories/35314
Trust: 2.5
url:http://www.vupen.com/english/advisories/2009/1470
Trust: 2.5
url:http://support.apple.com/kb/ht3592
Trust: 1.9
url:http://lists.apple.com/archives/security-announce/2009/jun/msg00001.html
Trust: 1.7
url:http://redpig.dataspill.org/2009/05/drive-by-attack-for-itunes-811.html
Trust: 1.7
url:http://static.dataspill.org/releases/itunes/itms_overflow.rb
Trust: 1.7
url:http://xforce.iss.net/xforce/xfdb/50899
Trust: 1.4
url:http://www.securityfocus.com/archive/1/504043/100/0/threaded
Trust: 1.1
url:https://www.exploit-db.com/exploits/8861
Trust: 1.1
url:https://www.exploit-db.com/exploits/8934
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17099
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/50899
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0950
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0950
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/504043/100/0/threaded
Trust: 0.6
url:http://www.milw0rm.com/exploits/8934
Trust: 0.6
url:http://www.milw0rm.com/exploits/8861
Trust: 0.6
url:http://www.apple.com/itunes/
Trust: 0.3
url:/archive/1/504043
Trust: 0.3
url:/archive/1/504030
Trust: 0.3
url:http://dvlabs.tippingpoint.com/advisory/tpti-09-03
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-0950
Trust: 0.1
url:http://www.tippingpoint.com
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/business_solutions/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/35314/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-38396 // 
            
            
            
            BID: 35157 // 
            
            
            
            JVNDB: JVNDB-2009-001719 // 
            
            
            
            PACKETSTORM: 78026 // 
            
            
            
            PACKETSTORM: 77984 // 
            
            
            
            CNNVD: CNNVD-200906-026 // 
            
            
            
            NVD: CVE-2009-0950

CREDITS
Will Drewry※ wad@google.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200906-026

SOURCES
db:VULHUBid:VHN-38396
db:BIDid:35157
db:JVNDBid:JVNDB-2009-001719
db:PACKETSTORMid:78026
db:PACKETSTORMid:77984
db:CNNVDid:CNNVD-200906-026
db:NVDid:CVE-2009-0950

LAST UPDATE DATE
2025-04-10T23:07:02.729000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-38396date:2018-10-10T00:00:00
db:BIDid:35157date:2010-01-14T19:21:00
db:JVNDBid:JVNDB-2009-001719date:2009-07-08T00:00:00
db:CNNVDid:CNNVD-200906-026date:2009-06-19T00:00:00
db:NVDid:CVE-2009-0950date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-38396date:2009-06-02T00:00:00
db:BIDid:35157date:2009-06-01T00:00:00
db:JVNDBid:JVNDB-2009-001719date:2009-07-08T00:00:00
db:PACKETSTORMid:78026date:2009-06-03T03:55:01
db:PACKETSTORMid:77984date:2009-06-02T16:10:53
db:CNNVDid:CNNVD-200906-026date:2009-06-02T00:00:00
db:NVDid:CVE-2009-0950date:2009-06-02T18:30:00.267