CVE-2006-1467 – Apple iTunes AAC File Parsing Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-1467
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple iTunes. Exploitation requires an attacker to convince a target user into opening a malicious play list file. The specific flaw exists during the processing of malicious AAC media files such as those with extensions .M4A and .M4P. During the parsing of the sample table size atom (STSZ), a malformed 'sample_size_table' value can trigger an integer overflow leading to an exploitable memory corruption. • http://docs.info.apple.com/article.html?artnum=303952 http://secunia.com/advisories/20891 http://securitytracker.com/id?1016413 http://www.kb.cert.org/vuls/id/907836 http://www.securityfocus.com/archive/1/438812/100/0/threaded http://www.securityfocus.com/bid/18730 http://www.vupen.com/english/advisories/2006/2601 http://www.zerodayinitiative.com/advisories/ZDI-06-020.html https://exchange.xforce.ibmcloud.com/vulnerabilities/27481 • CWE-189: Numeric Errors •
CVE-2006-1249
https://notcve.org/view.php?id=CVE-2006-1249
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. • http://lists.apple.com/archives/security-announce/2006/May/msg00002.html http://secunia.com/advisories/20069 http://securitytracker.com/id?1016067 http://www.eeye.com/html/research/upcoming/20060307b.html http://www.kb.cert.org/vuls/id/570689 http://www.securityfocus.com/archive/1/433831/100/0/threaded http://www.securityfocus.com/archive/1/433850/100/0/threaded http://www.securityfocus.com/bid/17074 http://www.us-cert.gov/cas/techalerts/TA06-132B.html http://www& • CWE-189: Numeric Errors •
CVE-2005-4092
https://notcve.org/view.php?id=CVE-2005-4092
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. • http://docs.info.apple.com/article.html?artnum=303101 http://secunia.com/advisories/18149 http://secunia.com/advisories/18370 http://security-protocols.com/advisory/sp-x21-advisory.txt http://securityreason.com/securityalert/334 http://securityreason.com/securityalert/336 http://securitytracker.com/id?1015356 http://securitytracker.com/id?1015396 http://securitytracker.com/id?1015397 http://www.eeye.com/html/research/upcoming/20051117a.html http://www.eeye.com/html/research/upcoming/2005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-2938
https://notcve.org/view.php?id=CVE-2005-2938
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. • http://securitytracker.com/id?1015222 http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities http://www.vupen.com/english/advisories/2005/2443 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-1248
https://notcve.org/view.php?id=CVE-2005-1248
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. • http://docs.info.apple.com/article.html?artnum=301596 http://lists.apple.com/archives/security-announce/2005/May/msg00003.html http://secunia.com/advisories/15310 http://securitytracker.com/id?1013927 http://www.ngssoftware.com/advisories/itunes.txt http://www.osvdb.org/16243 http://www.securityfocus.com/bid/13565 http://www.vupen.com/english/advisories/2005/0504 https://exchange.xforce.ibmcloud.com/vulnerabilities/20498 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg •