-ADVISORY- $ x Thu Mar 16 03:30:09 EST 2006 x $ Off-by-one in Apple iTunes

[john.r.bond () gmail com]

-ADVISORY- $ x Thu Mar 16 03:30:09 EST 2006 x $ Off-by-one in Apple iTunes




8======================D~~
[+] BACKGROUND
8======================D~~
This product has no identified background.
8======================D~~
[+] DESCRIPTION
8======================D~~
It is possible to make Apple iTunes crash by the use of malformed input.

8======================D~~
[+] HISTORY
8======================D~~
5-1-2006 [+] Vendor Notification.
17-2-2006 [+] Vendor Reply.
16-3-2006 [+] Public Disclosure.
8======================D~~
[+] WORKAROUND
8======================D~~
There was no identified workarounds.
8======================D~~
[+] VENDOR RESPONSE
8======================D~~
Apple iTunes has presented no identified information.
8======================D~~
[+] CVE INFORMATION
8======================D~~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-137848 to this issue

8======================D~~
APPENDIX A VENDOR INFORMATION
8======================D~~
http://www.apple.com/itunes/

8======================D~~
APPENDIX B REFERENCES
8======================D~~
RFC 4231

8======================D~~
CONTACT
8======================D~~
John Bond john.r.bond () gmail com

CSFA GREM SSP-CNSA SSP-MPA GWAS CAP 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/