SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Multimedia)  >   iTunes Vendors:   Apple Computer
Apple iTunes Multiple Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1025152
SecurityTracker URL:  http://securitytracker.com/id/1025152
CVE Reference:   CVE-2011-0170, CVE-2011-0191, CVE-2011-0192, CVE-2010-4494, CVE-2010-4008, CVE-2010-1824, CVE-2011-0111, CVE-2011-0112, CVE-2011-0113, CVE-2011-0114, CVE-2011-0115, CVE-2011-0116, CVE-2011-0117, CVE-2011-0118, CVE-2011-0119, CVE-2011-0120, CVE-2011-0121, CVE-2011-0122, CVE-2011-0123, CVE-2011-0124, CVE-2011-0125, CVE-2011-0126, CVE-2011-0127, CVE-2011-0128, CVE-2011-0129, CVE-2011-0130, CVE-2011-0131, CVE-2011-0132, CVE-2011-0133, CVE-2011-0134, CVE-2011-0135, CVE-2011-0136, CVE-2011-0137, CVE-2011-0138, CVE-2011-0139, CVE-2011-0140, CVE-2011-0141, CVE-2011-0142, CVE-2011-0143, CVE-2011-0144, CVE-2011-0145, CVE-2011-0146, CVE-2011-0147, CVE-2011-0148, CVE-2011-0149, CVE-2011-0150, CVE-2011-0151, CVE-2011-0152, CVE-2011-0153, CVE-2011-0154, CVE-2011-0155, CVE-2011-0156, CVE-2011-0164, CVE-2011-0165, CVE-2011-0168   (Links to External Site)
Date:  Mar 3 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.2
Description:   Multiple vulnerabilities were reported in Apple iTunes. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted JPEG image that, when loaded by the target user, will trigger a heap overflow in ImageIO and execute arbitrary code on the target system [CVE-2011-0170]. The code will run with the privileges of the target user. Andrzej Dyjak reported this vulnerability via iDefense VCP.

A remote user can create a specially crafted JPEG encoded TIFF image that, when loaded by the target user, will trigger a buffer overflow in ImageIO and execute arbitrary code on the target system [CVE-2011-0191]. The code will run with the privileges of the target user.

A remote user can create a specially crafted CCITT Group 4 encoded TIFF image that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2011-0192]. The code will run with the privileges of the target user.

A remote user can create a specially crafted XML file that, when loaded by the target user, will trigger a double free error and execute arbitrary code on the target system [CVE-2010-4494]. The code will run with the privileges of the target user. Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences, reported this vulnerability.

A remote user can create a specially crafted XML file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2010-4008]. The code will run with the privileges of the target user. Bui Quang Minh from Bkis (www.bkis.com) reported this vulnerability.

A remote user with the ability to conduct a man-in-the-middle attack can trigger multiple memory corruption errors in WebKit while the target user browses the iTunes Store via iTunes to execute arbitrary code on the target user's system [

Impact:   A remote user can cause arbitrary code to be executed on the target user's system.
Solution:   The vendor has issued a fix (10.2).

The vendor's advisory is available at:

http://support.apple.com/kb/HT4554
Vendor URL:  support.apple.com/kb/HT4554 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:   UNIX (OS X), Windows (7), Windows (Vista), Windows (XP)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 22 2011 (Apple Issues Fix for Apple Safari) Apple iTunes Multiple Flaws Let Remote Users Execute Arbitrary Code
Apple has issued a fix for Apple Safari.
Oct 12 2011 (Apple Issues Fix) Apple iTunes Multiple Flaws Let Remote Users Execute Arbitrary Code
Apple has issued a fix for iTunes.


 Source Message Contents
Date:  Wed, 2 Mar 2011 13:33:08 -0800
Subject:  APPLE-SA-2011-03-02-1 iTunes 10.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-03-02-1 iTunes 10.2

iTunes 10.2 is now available and addresses the following:

ImageIO
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Multiple vulnerabilities in libpng
Description:  libpng is updated to version 1.4.3 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. For Mac OS X v10.5 systems, this is addressed in Security
Update 2010-007. Further information is available via the libpng
website at http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2010-1205
CVE-2010-2249

ImageIO
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted JPEG image may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow issue existed in ImageIO's
handling of JPEG images. Viewing a maliciously crafted JPEG image may
lead to an unexpected application termination or arbitrary code
execution.
CVE-ID
CVE-2011-0170 : Andrzej Dyjak working with iDefense VCP

ImageIO
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted TIFF image may result in an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in libTIFF's handling of JPEG
encoded TIFF images. Viewing a maliciously crafted TIFF image may
result in an unexpected application termination or arbitrary code
execution.
CVE-ID
CVE-2011-0191 : Apple

ImageIO
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted TIFF image may result in an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in libTIFF's handling of
CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF
image may result in an unexpected application termination or
arbitrary code execution.
CVE-ID
CVE-2011-0192 : Apple

libxml
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Processing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description:  A double free issue existed in libxml's handling of
XPath expressions. Processing a maliciously crafted XML file may lead
to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2010-4494 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences

libxml
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Processing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in libxml's XPath
handling. Processing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2010-4008 : Bui Quang Minh from Bkis (www.bkis.com)

WebKit
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  A man-in-the-middle attack may lead to an unexpected
application termination or arbitrary code execution
Description:  Multiple memory corruption issues exist in WebKit. A
man-in-the-middle attack while browsing the iTunes Store via iTunes
may lead to an unexpected application termination or arbitrary code
execution.
CVE-ID
CVE-2010-1824 : kuzzcc, and wushi of team509 working with
TippingPoint's Zero Day Initiative
CVE-2011-0111 : Sergey Glazunov
CVE-2011-0112 : Yuzo Fujishima of Google Inc.
CVE-2011-0113 : Andreas Kling of Nokia
CVE-2011-0114 : Chris Evans of Google Chrome Security Team
CVE-2011-0115 : J23 working with TippingPoint's Zero Day Initiative,
and Emil A Eklund of Google, Inc
CVE-2011-0116 : an anonymous researcher working with TippingPoint's
Zero Day Initiative
CVE-2011-0117 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0118 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0119 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0120 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0121 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0122 : Slawomir Blazek
CVE-2011-0123 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0124 : Yuzo Fujishima of Google Inc.
CVE-2011-0125 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0126 : Mihai Parparita of Google, Inc.
CVE-2011-0127 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0128 : David Bloom
CVE-2011-0129 : Famlam
CVE-2011-0130 : Apple
CVE-2011-0131 : wushi of team509
CVE-2011-0132 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-0133 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-0134 : Jan Tosovsky
CVE-2011-0135 : an anonymous reporter
CVE-2011-0136 : Sergey Glazunov
CVE-2011-0137 : Sergey Glazunov
CVE-2011-0138 : kuzzcc
CVE-2011-0139 : kuzzcc
CVE-2011-0140 : Sergey Glazunov
CVE-2011-0141 : Chris Rohlf of Matasano Security
CVE-2011-0142 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0143 : Slawomir Blazek and Sergey Glazunov
CVE-2011-0144 : Emil A Eklund of Google, Inc.
CVE-2011-0145 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0146 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0147 : Dirk Schulze
CVE-2011-0148 : Michal Zalewski of Google, Inc.
CVE-2011-0149 : wushi of team509 working with TippingPoint's Zero Day
Initiative, and SkyLined of Google Chrome Security Team
CVE-2011-0150 : Michael Gundlach of safariadblock.com
CVE-2011-0151 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0152 : SkyLined of Google Chrome Security Team
CVE-2011-0153 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0154 : an anonymous researcher working with TippingPoint's
Zero Day Initiative
CVE-2011-0155 : Aki Helin of OUSPG
CVE-2011-0156 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0164 : Apple
CVE-2011-0165 : Sergey Glazunov
CVE-2011-0168 : Sergey Glazunov


iTunes 10.2 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes10.2.dmg"
Its SHA-1 digest is: 35da52c03a478d7ff325e67d589e48afd195c9ab

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 1f40939eaca43648e55c137be220fa391bb48c6c

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: efc23fc7d92eb95a1f2588b8a6506d99b726c9ea

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJNbrZ2AAoJEGnF2JsdZQeeIowH/1cW7yQKs7Jz3TAJjOwPkT6M
ETX53z7DBl1CLYYg6QZfbumUWrzj182WT5rKlt8qAhbxsMz4gLJ+TIqaaVn53NLV
c0mq9LN615DhXXsMWsHeINinSky6wZMjlTApocp3PwWQTGZn8rg7qnaUuNC+x2Y2
OxPOsCGyRtbzIq8AZMgJfK2J1Rm1TGQi5s/wSSkDq61R0CVyXHhzMG8L+ChUXDrQ
dKggtQQ8JeJK0kRp/q4kmJLxRBsimH21ame2urUrRKjXvvnqGLqy9pqJG9tbLFp2
1xlBg95tEF38v9wNRAx6gylN2dcGLvmK6+qqyvveenfGqlXd6BWmh4Ut4zHsD/4=
=pvse
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC