Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0950 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Itunes

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents5 sources

Severity

9.3CRITICALNVD

EPSS

82.1%

top 0.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Itunes

Timeline

PublishedJun 2

Latest updateMay 2

Description

Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/itunes8.1.1+71

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-h9gq-m24m-jcv9: Stack-based buffer overflow in Apple iTunes before 8↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Apple iTunes 8.1.1 (Mac OSX) - ITms Overflow (Metasploit)↗2010-11-11

▶

Exploit-DB

Apple iTunes 8.1.x - 'daap' Remote Buffer Overflow↗2010-01-14

▶

Exploit-DB

Apple iTunes 8.1.1.10 (Windows) - 'itms/itcp' Remote Buffer Overflow↗2009-06-12

▶

Exploit-DB

Apple iTunes 8.1.1 - 'ITMS' Multiple Protocol Handler Buffer Overflow (Metasploit)↗2009-06-03

▶

Metasploit

Apple OS X iTunes 8.1.1 ITMS Overflow↗

▶

🕵️Threat Intelligence

Talos

Rule release for today - July 21st 2009↗2009-07-21

▶

Talos

Rule release for today - July 21st 2009↗2009-07-21

▶