Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2817 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Itunes

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents3 sources

Severity

9.3CRITICALNVD

EPSS

20.9%

top 4.36%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Itunes

Timeline

PublishedSep 24

Latest updateMay 2

Description

Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/itunes9.0+72

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-79wj-8p7q-rfq7: Buffer overflow in Apple iTunes before 9↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Apple iTunes 9.0.1 - '.pls' Handling Buffer Overflow↗2010-02-17

▶

Exploit-DB

Apple iTunes 9.0 - '.pls' Buffer Overflow↗2009-09-22

▶