
CVSS: 9.3 • EPSS: 12% • CPEs: 1 • EXPL: 0

06 Sep 2007 — Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file. • http://docs.info.apple.com/article.html?artnum=306404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.3 • EPSS: 1% • CPEs: 1 • EXPL: 2

20 Feb 2007 — Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. • https://www.exploit-db.com/exploits/29616 •

CVSS: 7.8 • EPSS: 58% • CPEs: 1 • EXPL: 0

29 Jun 2006 — Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple iTunes. Exploitation requires an attacker to convince a target user into opening a malicious play list f... • http://docs.info.apple.com/article.html?artnum=303952 • CWE-189: Numeric Errors •

CVSS: 9.8 • EPSS: 74% • CPEs: 4 • EXPL: 0

19 Mar 2006 — Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. • http://lists.apple.com/archives/security-announce/2006/May/msg00002.html • CWE-189: Numeric Errors •

CVSS: 8.8 • EPSS: 94% • CPEs: 2 • EXPL: 0

08 Dec 2005 — Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally... • http://docs.info.apple.com/article.html?artnum=303101 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Nov 2005 — Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. • http://securitytracker.com/id?1015222 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8 • EPSS: 3% • CPEs: 5 • EXPL: 0

16 May 2005 — Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. • http://docs.info.apple.com/article.html?artnum=301596 •

CVSS: 9.8 • EPSS: 72% • CPEs: 1 • EXPL: 3

19 Jan 2005 — Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. • https://www.exploit-db.com/exploits/758 •