CVE-2009-0950
published 2009-06-02

Priority: P2 (59) · Severity: critical · CVSS 2.0 base score: 9.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Flags: EXPLOIT
EPSS: 28.82% (97.9th percentile)
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.

Affected

72 ranges · showing 25

Vendor   Product   Version range   Fixed in
apple    itunes    <= 8.1.1        (blank)

(The other 24 displayed rows repeat vendor apple / product itunes with no version range or fix version given.)

Detection & IOCs (extracted from sources)

  • url: itms://:
  • command: itms://:<payload>
  • command: itpc://:<payload>
  • command: daap://:<payload>
  • registry: 0x67215e2a
  • port: 4444
  • snort: GID 1, SIDs 15703 through 15707
  • bytes: VVVVVVVVVVVVVVVVV7RYjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIOqhDahIoS0
  • In Safari/browser context, itms:// URLs are automatically passed to iTunes without user interaction, making drive-by exploitation possible; monitor browser-to-iTunes URL handler invocations.
  • SafeSEH bypass uses QuickTime.qts gadget at 0x67215e2a (ADD ESP,8; RETN); presence of this return address in memory or network payload is a strong exploit indicator.
  • Only vfork-based payloads are reliable on OS X due to iTunes being multithreaded; standard fork/exec payloads may be unstable.
  • The exploit payload space is limited to approximately 1024 bytes due to browser URL length constraints.