CVE-2009-0950
Apple iTunes < 8.1.1 - Memory Corruption
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
Exploits (5)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby, remote, osx
https://www.exploit-db.com/exploits/16296
exploitdb
WORKING POC
VERIFIED
by ryujin · python, remote, windows
https://www.exploit-db.com/exploits/8934
exploitdb
WORKING POC
VERIFIED
by Will Drewry · ruby, remote, osx
https://www.exploit-db.com/exploits/8861
metasploit
WORKING POC
GREAT
ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/itms_overflow.rb
References (14)
Scores
EPSS: 0.8211
EPSS Percentile: 99.2%
Details
CWE: CWE-119
Status: published
Products (16)
apple/itunes 1.0 (4 CPE variants)
apple/itunes 1.1
apple/itunes 1.1.1 (4 CPE variants)
apple/itunes 1.1.2 (4 CPE variants)
apple/itunes 2.0 (4 CPE variants)
apple/itunes 2.0.1 (4 CPE variants)
apple/itunes 2.0.2 (4 CPE variants)
apple/itunes 2.0.3 (4 CPE variants)
apple/itunes 2.0.4 (4 CPE variants)
apple/itunes 3.0 (2 CPE variants)
... and 6 more
Published: Jun 02, 2009
Tracked Since: Feb 18, 2026