vendor:
dTunes
by:
TheLeader
7,8
CVSS
HIGH
Format String Vulnerability
134
CWE
Product Name: dTunes
Affected Version From: 2.72
Affected Version To: 2.72
Patch Exists: YES
Related CWE: N/A
CPE: a:dTunes:dTunes
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: iOS
2009
dTunes 2.72 local format string PoC (filename processing)
dTunes 2.72 is vulnerable to a local format string vulnerability in the filename processing. An attacker can exploit this vulnerability by copying a specially crafted file over to the device on /var/mobile/Library/Downloads/ and attempting to play it with dTunes. This can also be done through dTunes interface - just tap 'Edit', double tap any mp3 file, rename to '%s.mp3', tap 'Save', confirm & play. This will lead to a crash with a GDB backtrace.
Mitigation:
The vendor has released a patch to address this vulnerability.