vendor: iTunes
by: Not specified
CVSS: 4.3 MEDIUM
Denial-of-Service
CWE: 399
Product Name: iTunes
Affected Version From: 7.0.2
Affected Version To: 7.0.2
Patch Exists: YES
Related CWE: CVE-2006-0307
CPE: a:apple:itunes:7.0.2
Metasploit:
Other Scripts:
Platforms Tested:
2006

Apple iTunes Remote Denial-of-Service Vulnerability

The vulnerability exists because the application does not properly handle malformed XML playlist files. An attacker can exploit this issue by crafting a malicious playlist file and tricking the user into opening it, causing the application to crash and resulting in a denial-of-service condition.

Mitigation:

Update to a patched version of iTunes. As of this writing, the latest version is 7.0.3, which addresses this issue.
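Where playlist files from untrusted sources are handled before they reach a media player, a strict pre-parse can reject malformed XML up front. The following is an added example, not code from Apple or from this advisory; the size and depth limits are assumptions, and the embedded sample is the malformed file recorded on this page.

```python
import xml.parsers.expat as expat

MAX_BYTES = 1_000_000   # assumed size cap for a playlist file
MAX_DEPTH = 64          # assumed cap on element nesting

# Malformed sample from this page: undeclared "kb" prefix, root never closed.
PAGE_SAMPLE = (b"<?die with your boots on?>\n"
               b"<kb:station_record>\n"
               b"<kb:station_url_record>\n"
               b"</kb:station_url_record>\n")

def check_playlist(data: bytes):
    """Return (ok, reason). Anything that is not clean XML is rejected."""
    if len(data) > MAX_BYTES:
        return False, "file too large"
    # Namespace-aware parsing makes undeclared prefixes a hard error.
    parser = expat.ParserCreate(namespace_separator=" ")
    depth = 0

    def start(name, attrs):
        nonlocal depth
        depth += 1
        if depth > MAX_DEPTH:
            raise ValueError("nesting too deep")

    def end(name):
        nonlocal depth
        depth -= 1

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        # final=True forces an error on unclosed elements at end of input.
        parser.Parse(data, True)
    except expat.ExpatError as err:
        reason = expat.ErrorString(err.code)
        return False, f"not well-formed: {reason} (line {err.lineno})"
    except ValueError as err:
        return False, str(err)
    return True, "ok"

if __name__ == "__main__":
    print(check_playlist(PAGE_SAMPLE))
```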
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22615/info

Apple iTunes is prone to a remote denial-of-service vulnerability because the application fails to handle malformed XML playlist files.

An attacker can exploit this issue to crash the application, triggering a denial-of-service condition.

Apple iTunes version 7.0.2 for Intel and PowerPC is vulnerable to this issue; other versions may also be affected.

<?die with your boots on?>
<kb:station_record>
<kb:station_url_record>
</kb:station_url_record>