Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0677

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-0677
Last Modified 02 Nov 2013 11:21:40
Published 12 Jun 2012 10:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0677

Summary

Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.

Vulnerable Systems

Application

  • Apple Itunes 10.0

  • Apple Itunes 10.0.1

  • Apple Itunes 10.1

  • Apple Itunes 10.1.1

  • Apple Itunes 10.1.1.4

  • Apple Itunes 10.1.2

  • Apple Itunes 10.2

  • Apple Itunes 10.2.2.12

  • Apple Itunes 10.3

  • Apple Itunes 10.3.1

  • Apple Itunes 10.4

  • Apple Itunes 10.4.0.80

  • Apple Itunes 10.4.1

  • Apple Itunes 10.4.1.10

  • Apple Itunes 10.5

  • Apple Itunes 10.5.1

  • Apple Itunes 10.5.1.42

  • Apple Itunes 10.5.2

  • Apple Itunes 10.5.3

  • Apple Itunes 10.6

  • Apple Itunes 10.6.1


References

APPLE - APPLE-SA-2012-06-11-1

Related Patches

Apple 2012-06-11 iTunes 10.6.3 for Mac (Update) (See Notes)

Apple iTunes 10.6.3 for Windows (Update) (All Languages) (See Note)


Last Updated: 27 May 2016 10:47:11