A buffer overflow exists in iTunes. The application fails to validate itms:// URI data resulting in a stack overflow. With a specially crafted link, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Upgrade to version 8.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Exploit Database: 11138 8861 8934
• CVE ID: 2009-0950 (see also: NVD)
• Bugtraq ID: 35157
• Secunia Advisory ID: 35314
• SCIP VulDB ID: 3980
• Metasploit ID: 54833
• Milw0rm: 8861 8934
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2009-06/0038.html
  http://lists.apple.com/archives/security-announce/2009/Jun/msg00001.html
• Other Advisory URL: http://dvlabs.tippingpoint.com/advisory/TPTI-09-03
  http://redpig.dataspill.org/2009/05/drive-by-attack-for-itunes-811.html
  http://www.vupen.com/english/advisories/2009/1470
• Generic Exploit URL: http://static.dataspill.org/releases/itunes/itms_overflow.rb
  http://www.saintcorporation.com/cgi-bin/exploit_info/itunes_itms
• Vendor Specific Advisory URL: http://support.apple.com/kb/HT3592

• Rob King - TippingPoint DVLabs
• Will Drewry - via VUPEN