CVE-2012-0677

Apple iTunes <10.6.3 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-0677. PoCs published by Metasploit, LiquidWorm.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in iTunes 10.4.0.80 to 10.6.1.7 via a maliciously crafted extended M3U file, achieving remote code execution by overwriting SEH handlers and leveraging ROP chains.

Description

Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/19387

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in iTunes 10.4.0.80 to 10.6.1.7 via a maliciously crafted extended M3U file, achieving remote code execution by overwriting SEH handlers and leveraging ROP chains.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Apple iTunes 10.4.0.80 to 10.6.1.7 with QuickTime 7.69 to 7.72 on Windows XP SP3

No auth needed

Prerequisites: Knowledge of the victim's QuickTime version · Victim interaction to open the malicious M3U file or follow a link

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by LiquidWorm · pythondosmultiple

https://www.exploit-db.com/exploits/19098

View Code ZIP pw:eip

This exploit leverages a heap-based buffer overflow in Apple iTunes 10.6.1.7 and 10.6.0.40 by crafting a malicious .M3U playlist file. The PoC demonstrates arbitrary code execution via a specially formatted file with excessive 'A' characters to trigger the overflow.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apple iTunes 10.6.1.7 and 10.6.0.40

No auth needed

Prerequisites: Victim must open the malicious .M3U file in iTunes

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17016

Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html

Scores

EPSS 0.1536

EPSS Percentile 96.4%

Details

CWE

CWE-119

Status published

Products (21)

apple/itunes 10.0

apple/itunes 10.0.1

apple/itunes 10.1

apple/itunes 10.1.1

apple/itunes 10.1.1.4

apple/itunes 10.1.2

apple/itunes 10.2

apple/itunes 10.2.2.12

apple/itunes 10.3

apple/itunes 10.3.1

... and 11 more

Published Jun 12, 2012

Tracked Since Feb 18, 2026