CVE-2012-0677

Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html	Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17016

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:itunes::::::::
	cpe:2.3:a:apple:itunes:10.0:::::::*
	cpe:2.3:a:apple:itunes:10.0.1:::::::*
	cpe:2.3:a:apple:itunes:10.1:::::::*
	cpe:2.3:a:apple:itunes:10.1.1:::::::*
	cpe:2.3:a:apple:itunes:10.1.1.4:::::::*
	cpe:2.3:a:apple:itunes:10.1.2:::::::*
	cpe:2.3:a:apple:itunes:10.2:::::::*
	cpe:2.3:a:apple:itunes:10.2.2.12:::::::*
	cpe:2.3:a:apple:itunes:10.3:::::::*
	cpe:2.3:a:apple:itunes:10.3.1:::::::*
	cpe:2.3:a:apple:itunes:10.4:::::::*
	cpe:2.3:a:apple:itunes:10.4.0.80:::::::*
	cpe:2.3:a:apple:itunes:10.4.1:::::::*
	cpe:2.3:a:apple:itunes:10.4.1.10:::::::*
	cpe:2.3:a:apple:itunes:10.5:::::::*
	cpe:2.3:a:apple:itunes:10.5.1:::::::*
	cpe:2.3:a:apple:itunes:10.5.1.42:::::::*
	cpe:2.3:a:apple:itunes:10.5.2:::::::*
	cpe:2.3:a:apple:itunes:10.5.3:::::::*
	cpe:2.3:a:apple:itunes:10.6:::::::*

History

No history.

Information

Published : 2012-06-12 14:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-0677

Mitre link : CVE-2012-0677

CVE.ORG link : CVE-2012-0677

JSON object : View

Products Affected

apple

itunes

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2012-0677", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-06-12T14:55:01.250", "references": [{"url": "http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17016", "source": "product-security@apple.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en el iTunes de Apple antes de v10.6.3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un un lista de reproducci\u00f3n .m3u espec\u00edficamente modificada para este fin."}], "lastModified": "2017-09-19T01:34:42.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07D97E9C-D4BC-4B1D-B745-EA2F691BF8DF", "versionEndIncluding": "10.6.1"}, {"criteria": "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5817849-ADD0-4905-87D5-4D61DB635747"}, {"criteria": "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E90253-3F7D-4361-819B-5D49657F4472"}, {"criteria": "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84336EBA-5EC0-4C49-B1B9-9DAB23D5C3C2"}, {"criteria": "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CDE68E5-744B-4E18-BB74-83D7185E6A57"}, {"criteria": "cpe:2.3:a:apple:itunes:10.1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A599C14-8294-40D2-BCF2-183AF3D3AD84"}, {"criteria": "cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2375C00-64ED-4027-810F-BA9E561385D3"}, {"criteria": "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C720899-5ED4-4B7F-B90F-043DE7D91C44"}, {"criteria": "cpe:2.3:a:apple:itunes:10.2.2.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81A2EB90-E0C6-47B0-91BD-F77A721C163F"}, {"criteria": "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1CA3CEB-11D9-4B24-82A1-D7EE77C2E7B4"}, {"criteria": "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FF65883-4445-4436-98C5-35D9D2E1907B"}, {"criteria": "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0CCD602-FC35-4FD5-B976-4B585C5AA254"}, {"criteria": "cpe:2.3:a:apple:itunes:10.4.0.80:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D82F9D18-690C-4F81-A940-C509C5AC8D30"}, {"criteria": "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00B09F07-11C7-4A0A-9367-3A12E9B21110"}, {"criteria": "cpe:2.3:a:apple:itunes:10.4.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87884DFE-9254-4CF3-A002-16DB880AA0DE"}, {"criteria": "cpe:2.3:a:apple:itunes:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78B3119A-8986-4F13-9156-F8C9D1D8BC06"}, {"criteria": "cpe:2.3:a:apple:itunes:10.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCA7E822-3EEC-4BF1-93A3-3E474BB4651A"}, {"criteria": "cpe:2.3:a:apple:itunes:10.5.1.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AC29E4A-A3C2-4D8A-B7AF-823A31EEEFF9"}, {"criteria": "cpe:2.3:a:apple:itunes:10.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6AACF2A-2CF0-4631-A979-B226D063275E"}, {"criteria": "cpe:2.3:a:apple:itunes:10.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8020420-4C59-4536-9F73-AEC7999F766B"}, {"criteria": "cpe:2.3:a:apple:itunes:10.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3822ACC2-5FEC-4F97-A5B2-8FE9D8EFC860"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}