Apple iTunes MP4 File Processing Remote Denial Of Service Vulnerability

Bugtraq ID:	39113
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2010-0531
Remote:	Yes
Local:	No
Published:	Mar 30 2010 12:00AM
Updated:	Mar 30 2010 12:00AM
Credit:	Sojeong Hong of Sourcefire VRT
Vulnerable:	Apple iTunes 9.0.2 Apple iTunes 9.0.1 .8 Apple iTunes 9.0.1 Apple iTunes 9.0 Apple iTunes 7.3.2 Apple iTunes 7.3.1 Apple iTunes 7.3 Apple iTunes 7.0.2 Apple iTunes 8.2 Apple iTunes 8.1 Apple iTunes 8.0.2.20 Apple iTunes 8.0 Apple iTunes 7.4
Not Vulnerable:	Apple iTunes 9.1

Apple iTunes MP4 File Processing Remote Denial Of Service Vulnerability

Apple iTunes is prone to a remote denial-of-service vulnerability.

Successful exploits may allow an attacker to crash the application, resulting in a denial-of-service condition.

Versions prior to iTunes 9.1 are vulnerable.

Note: This issue was previously described in BID 39092 (Apple iTunes Privilege Escalation and Denial of Service Vulnerabilities) but has been given its own record to better document it.

Apple iTunes MP4 File Processing Remote Denial Of Service Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apple iTunes MP4 File Processing Remote Denial Of Service Vulnerability

Solution:
The vendor has released an update. Please see the references for more information.


Apple iTunes 9.0.2

• Apple APPLE-SA-2010-03-30-2iTunes64Setup.exe
  For 64-bit Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/


• Apple APPLE-SA-2010-03-30-2iTunesSetup.exe
  For Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/


• Apple iTunes9.1.dmg
  http://www.apple.com/itunes/download/

Apple iTunes MP4 File Processing Remote Denial Of Service Vulnerability

References:

• iTunes Homepage (Apple)