Vulnerability Details : CVE-2005-0043
Public exploit exists!
Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2005-0043
Probability of exploitation activity in the next 30 days: 18.63%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2005-0043
-
Apple ITunes 4.7 Playlist Buffer Overflow
Disclosure Date: 2005-01-11First seen: 2020-04-26exploit/windows/browser/apple_itunes_playlistThis module exploits a stack buffer overflow in Apple ITunes 4.7 build 4.7.0.42. By creating a URL link to a malicious PLS file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an
CVSS scores for CVE-2005-0043
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2005-0043
-
http://www.securityfocus.com/bid/12238
Apple ITunes Playlist Buffer Overflow Vulnerability
-
http://www.idefense.com/application/poi/display?id=180&type=vulnerabilities
Exploit;Patch
-
http://www.kb.cert.org/vuls/id/377368
Patch;Third Party Advisory;US Government Resource
-
http://lists.apple.com/archives/security-announce/2005/Jan/msg00000.html
Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/18851
-
http://securitytracker.com/id?1012839
Products affected by CVE-2005-0043
- cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*