CVE-2012-0677

Apple iTunes <10.6.3 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/19387
exploitdb WORKING POC VERIFIED
by LiquidWorm · python · dos · multiple
https://www.exploit-db.com/exploits/19098

Scores

EPSS 0.1577
EPSS Percentile 94.7%

Details

CWE
CWE-119
Status published
Products (21)
apple/itunes 10.0
apple/itunes 10.0.1
apple/itunes 10.1
apple/itunes 10.1.1
apple/itunes 10.1.1.4
apple/itunes 10.1.2
apple/itunes 10.2
apple/itunes 10.2.2.12
apple/itunes 10.3
apple/itunes 10.3.1
... and 11 more
Published Jun 12, 2012
Tracked Since Feb 18, 2026