iTunes Advanced Audio Coding File Handling Integer Overflow Vulnerability

Apple iTunes Advanced Audio Coding File Handling Integer Overflow Vulnerability

About the security content of iTunes 6.0.5

CVE-ID: CVE-2006-1467

Available for: Mac OS X v10.2.8 or later, Windows XP / 2000

Impact: An integer overflow in iTunes could cause a denial of service or lead to the execution of arbitrary code

Description: The AAC file parsing code in iTunes versions prior to 6.0.5 contains an integer overflow vulnerability. Parsing a maliciously crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 6.0.5 addresses this issue by improving the validation checks used when loading AAC files. iTunes 6.0.5 is freely available from http://www.apple.com/itunes/download/.

http://docs.info.apple.com/article.html?artnum=303952

Published Thu, Jun 29 2006 23:42 by donna

Comments

Thursday, June 29, 2006 9:59 PM by Thatedeguy » Apple gets hit with attack code
