{"vuid":"VU#907836","idnumber":"907836","name":"Apple iTunes fails to properly parse AAC files","keywords":["Apple","iTunes","integer overflow","DoS","denial of service","arbitrary code execution","sample_size_table"],"overview":"Apple iTunes does not properly parse AAC files. This vulnerability may allow a remote attacker to execute arbitrary code.","clean_desc":"Apple iTunes Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X operating systems. Advanced Audio Coding (AAC) file format According to Apple, Advanced Audio Coding (AAC) is at the core of the MPEG-4, 3GPP and 3GPP2 specifications and is the audio codec of choice for Internet, wireless and digital broadcast arenas. AAC provides audio encoding that compresses much more efficiently than older formats, such as MP3, yet delivers quality rivaling that of uncompressed CD audio. The AAC format is used in files with .M4P, .M4A, and .M4B extensions. The Problem Apple iTunes contains an integer overflow in the code used to parse AAC files. If a remote unauthenticated attacker persuades a user to access a specially crafted AAC file with iTunes, that attacker may be able to trigger the overflow. Note that this vulnerability affects iTunes for Mac OS X and Microsoft Windows. For more information refer to the Security Content for iTunes 6.0.5.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code.","resolution":"Upgrade iTunes\nApple has release iTunes 6.0.5 to address this issue.","workarounds":"","sysaffected":"","thanks":"Thanks to Apple Product Security for reporting this vulnerability. Apple, in turn, credits ATmaCA working with TippingPoint and the Zero Day Initiative for reporting this issue.","author":"This document was written by Chad R Dougherty and Jeff Gennari.","public":["http://docs.info.apple.com/article.html?artnum=303952","http://www.zerodayinitiative.com/advisories/ZDI-06-020.html","http://secunia.com/advisories/20891/"],"cveids":["CVE-2006-1467"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-06-30T12:37:31Z","publicdate":"2006-06-29T00:00:00Z","datefirstpublished":"2006-06-30T18:23:51Z","dateupdated":"2006-06-30T18:27:11Z","revision":11,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"10","cam_impact":"17","cam_easeofexploitation":"8","cam_attackeraccessrequired":"20","cam_scorecurrent":"11.73","cam_scorecurrentwidelyknown":"14.28","cam_scorecurrentwidelyknownexploited":"24.48","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":11.73,"vulnote":null}