CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
Added: 07/06/2009
CVE: CVE-2009-0950
BID: 35157
OSVDB: 54833
iTunes is a free media player for multiple platforms.
A buffer overflow vulnerability allows command execution when a user opens a specially crafted **itms://**
URL.
Upgrade to iTunes 8.2 or higher.
<http://support.apple.com/kb/HT3592>
Exploit works on iTunes 8.1.1 and requires a user to open the exploit URL in iTunes.
Windows XP