ID

VAR-200909-0332


CVE

CVE-2009-2817


TITLE

Apple iTunes '.pls' File Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 36478 // CNNVD: CNNVD-200909-446

DESCRIPTION

Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file. Apple iTunes is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Apple iTunes 9.0.1 are vulnerable.

Trust: 1.98

sources: NVD: CVE-2009-2817 // JVNDB: JVNDB-2009-002155 // BID: 36478 // VULHUB: VHN-40263

AFFECTED PRODUCTS

vendor: apple // model: itunes // scope: eq // version: 4.6

Trust: 1.9

vendor: apple // model: itunes // scope: eq // version: 4.5

Trust: 1.9

vendor: apple // model: itunes // scope: eq // version: 4.6.0

Trust: 1.6

vendor: apple // model: itunes // scope: eq // version: 4.1.0

Trust: 1.6

vendor: apple // model: itunes // scope: eq // version: 4.0

Trust: 1.6

vendor: apple // model: itunes // scope: eq // version: 4.0.1

Trust: 1.6

vendor: apple // model: itunes // scope: eq // version: 4.1

Trust: 1.6

vendor: apple // model: itunes // scope: eq // version: 4.2

Trust: 1.6

vendor: apple // model: itunes // scope: eq // version: 4.9.0

Trust: 1.6

vendor: apple // model: itunes // scope: eq // version: 4.2.0

Trust: 1.6

vendor: apple // model: itunes // scope: eq // version: 7.3.2

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 7.3.1

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 7.0.2

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 6.0.5

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 6.0.4

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 6.0.3

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 6.0.1

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 6.0

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 5.0

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 4.8

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 4.7.1

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 4.7

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 4.2.72

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 8.2

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 8.1

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 8.0

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 7.4

Trust: 1.3

vendor: apple // model: itunes // scope: eq // version: 7.5

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 4.7.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.6

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 2.0.4

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 6.0.2

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.4.2

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.0.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 5.0.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 1.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 4.8.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.1.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.7

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 2.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 4.0.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.6.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 8.2.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.0.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 8.1.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.5.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 3.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.4.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 2.0.2

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 2.0.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 3.0.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.1.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 2.0.3

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.6.2

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 8.0.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 4.5.0

Trust: 1.0

vendor: apple // model: itunes // scope: lte // version: 9.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 6.0.4.2

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.7.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 4.7.1.30

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.6.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.3.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 1.1.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.4.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.2.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 4.9

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 1.1.2

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.4.3

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 8.0.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 7.7.1

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 6.0.0

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 8.0.2

Trust: 1.0

vendor: apple // model: itunes // scope: eq // version: 5.0.0

Trust: 1.0

vendor: apple // model: itunes // scope: lt // version: 9.0.1

Trust: 0.8

vendor: esignal // model: esignal // scope: eq // version: 6.0.2

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 9.0

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 7.3

Trust: 0.3

vendor: apple // model: itunes // scope: ne // version: 9.0.1

Trust: 0.3

sources: BID: 36478 // JVNDB: JVNDB-2009-002155 // CNNVD: CNNVD-200909-446 // NVD: CVE-2009-2817

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2817
value: HIGH

Trust: 1.0

NVD: CVE-2009-2817
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200909-446
value: CRITICAL

Trust: 0.6

VULHUB: VHN-40263
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-2817
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40263
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40263 // JVNDB: JVNDB-2009-002155 // CNNVD: CNNVD-200909-446 // NVD: CVE-2009-2817

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-40263 // JVNDB: JVNDB-2009-002155 // NVD: CVE-2009-2817

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200909-446

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200909-446

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002155

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-40263

PATCH

title: HT3884 // url: http://support.apple.com/kb/HT3884

Trust: 0.8

title: HT3884 // url: http://support.apple.com/kb/HT3884?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2009-002155

EXTERNAL IDS

db: NVD // id: CVE-2009-2817

Trust: 2.8

db: BID // id: 36478

Trust: 2.8

db: JVNDB // id: JVNDB-2009-002155

Trust: 0.8

db: CNNVD // id: CNNVD-200909-446

Trust: 0.7

db: APPLE // id: APPLE-SA-2009-09-22-1

Trust: 0.6

db: EXPLOIT-DB // id: 33235

Trust: 0.1

db: EXPLOIT-DB // id: 11491

Trust: 0.1

db: SEEBUG // id: SSVID-86476

Trust: 0.1

db: SEEBUG // id: SSVID-67746

Trust: 0.1

db: PACKETSTORM // id: 86421

Trust: 0.1

db: VULHUB // id: VHN-40263

Trust: 0.1

sources: VULHUB: VHN-40263 // BID: 36478 // JVNDB: JVNDB-2009-002155 // CNNVD: CNNVD-200909-446 // NVD: CVE-2009-2817

REFERENCES

url:http://www.securityfocus.com/bid/36478

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2009/sep/msg00006.html

Trust: 1.7

url:http://support.apple.com/kb/ht3884

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6290

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2817

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2817

Trust: 0.8

url:http://www.apple.com/itunes/

Trust: 0.3

sources: VULHUB: VHN-40263 // BID: 36478 // JVNDB: JVNDB-2009-002155 // CNNVD: CNNVD-200909-446 // NVD: CVE-2009-2817

CREDITS

Roger Hart of IP3, and Steven Woolley at Oogli LLC

Trust: 0.9

sources: BID: 36478 // CNNVD: CNNVD-200909-446

SOURCES

db: VULHUB // id: VHN-40263
db: BID // id: 36478
db: JVNDB // id: JVNDB-2009-002155
db: CNNVD // id: CNNVD-200909-446
db: NVD // id: CVE-2009-2817

LAST UPDATE DATE

2025-04-10T23:00:23.800000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-40263 // date: 2017-09-19T00:00:00
db: BID // id: 36478 // date: 2010-02-17T20:32:00
db: JVNDB // id: JVNDB-2009-002155 // date: 2009-10-28T00:00:00
db: CNNVD // id: CNNVD-200909-446 // date: 2009-09-25T00:00:00
db: NVD // id: CVE-2009-2817 // date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB // id: VHN-40263 // date: 2009-09-24T00:00:00
db: BID // id: 36478 // date: 2009-09-22T00:00:00
db: JVNDB // id: JVNDB-2009-002155 // date: 2009-10-28T00:00:00
db: CNNVD // id: CNNVD-200909-446 // date: 2009-09-24T00:00:00
db: NVD // id: CVE-2009-2817 // date: 2009-09-24T18:30:00.517