Vulnerability Note VU#907836
Apple iTunes fails to properly parse AAC files
Apple iTunes does not properly parse AAC files. This vulnerability may allow a remote attacker to execute arbitrary code.
Apple iTunes contains an integer overflow in the code used to parse AAC files. If a remote unauthenticated attacker persuades a user to access a specially crafted AAC file with iTunes, that attacker may be able to trigger the overflow.
Note that this vulnerability affects iTunes for both Mac OS X and Microsoft Windows. For more information, refer to the Security Content for iTunes 6.0.5.
A remote, unauthenticated attacker may be able to execute arbitrary code.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer, Inc. | Affected | - | 30 Jun 2006 |
Thanks to Apple Product Security for reporting this vulnerability. Apple, in turn, credits ATmaCA working with TippingPoint and the Zero Day Initiative for reporting this issue.
This document was written by Chad R Dougherty and Jeff Gennari.
- CVE IDs: CVE-2006-1467
- Date Public: 29 Jun 2006
- Date First Published: 30 Jun 2006
- Date Last Updated: 30 Jun 2006
- Severity Metric: 11.73
- Document Revision: 10