Apple ITunes '.m3u' Playlist Code Execution Vulnerability (Mac OS X) Network Vulnerability

Summary

This host is installed with Apple iTunes and is prone to code execution vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code. Impact Level: System/Application

Solution

Upgrade to Apple Apple iTunes version 10.6.3 or later, For updates refer to http://www.apple.com/itunes/download/

Insight

Apple iTunes fails to handle '.m3u' playlist, allowing to cause a heap overflow and execute arbitrary code on the target system.

Affected

Apple iTunes version prior to 10.6.3 on Mac OS X

References

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apple iTunes '.m3u' Playlist Code Execution Vulnerability (Mac OS X)