CVE-2006-1467
Apple iTunes AAC File Parsing Integer Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple iTunes. Exploitation requires an attacker to convince a target user into opening a malicious play list file.
The specific flaw exists during the processing of malicious AAC media files such as those with extensions .M4A and .M4P. During the parsing of the sample table size atom (STSZ), a malformed 'sample_size_table' value can trigger an integer overflow leading to an exploitable memory corruption.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-03-28 CVE Reserved
- 2006-06-29 CVE Published
- 2023-05-03 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1016413 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/438812/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/18730 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-06-020.html | X_refsource_misc |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27481 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://docs.info.apple.com/article.html?artnum=303952 | 2018-10-18 | |
| http://secunia.com/advisories/20891 | 2018-10-18 | |
| http://www.kb.cert.org/vuls/id/907836 | 2018-10-18 |
| URL | Date | SRC |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/2601 | 2018-10-18 |