Full Disclosure mailing list archives
-ADVISORY- $ x Thu Mar 16 03:30:09 EST 2006 x $ Off-by-one in Apple iTunes
From: john.r.bond () gmail com
Date: Thu, 16 Mar 2006 08:30:35 +0000 (GMT)
-ADVISORY- $ x Thu Mar 16 03:30:09 EST 2006 x $ Off-by-one in Apple iTunes

8======================D~~
[+] BACKGROUND
8======================D~~

This product has no identified background.

8======================D~~
[+] DESCRIPTION
8======================D~~

It is possible to make Apple iTunes crash by the use of malformed input.

8======================D~~
[+] HISTORY
8======================D~~

5-1-2006 [+] Vendor Notification.
17-2-2006 [+] Vendor Reply.
16-3-2006 [+] Public Disclosure.

8======================D~~
[+] WORKAROUND
8======================D~~

There were no identified workarounds.

8======================D~~
[+] VENDOR RESPONSE
8======================D~~

Apple iTunes has presented no identified information.

8======================D~~
[+] CVE INFORMATION
8======================D~~

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-137848 to this issue.

8======================D~~
APPENDIX A VENDOR INFORMATION
8======================D~~

http://www.apple.com/itunes/

8======================D~~
APPENDIX B REFERENCES
8======================D~~

RFC 4231

8======================D~~
CONTACT
8======================D~~

John Bond
john.r.bond () gmail com
CSFA GREM SSP-CNSA SSP-MPA GWAS CAP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/