CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

The version of Apple iTunes on the remote host is prior to version 11.1.4. It is, therefore, affected by multiple vulnerabilities :

  - The included versions of the WebKit, libxml, and libxslt     components in iTunes contain several errors that can     lead to memory corruption and arbitrary code execution.
    The vendor states that one possible vector is a man-in-     the-middle attack while the application browses the     'iTunes Store'. Please note that these vulnerabilities     only affect the application when it is running on a     Windows host. (CVE-2011-3102, CVE-2012-0841,     CVE-2012-2807, CVE-2012-2825, CVE-2012-2870,     CVE-2012-2871, CVE-2012-5134, CVE-2013-1037,     CVE-2013-1038, CVE-2013-1039, CVE-2013-1040,     CVE-2013-1041, CVE-2013-1042, CVE-2013-1043,     CVE-2013-1044, CVE-2013-1045, CVE-2013-1046,     CVE-2013-1047, CVE-2013-2842, CVE-2013-5125,     CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)

  - An uninitialized memory access error exists in the     handling of text tracks. By using a specially crafted     movie file, a remote attacker can exploit this to cause     a denial of service or execute arbitrary code.
    (CVE-2013-1024)

  - An error exists related to the iTunes Tutorials window     that can allow an attacker in a privileged network     location to inject content. Note that this vulnerability     only affects the application installed on a Mac OS X     host. (CVE-2014-1242)

The version of Apple iTunes installed on the remote Windows host is older than 11.1.4. It is, therefore, potentially affected by several issues :

  - The included versions of WebKit, libxml, and libxslt     contain several errors that could lead to memory     corruption and possibly arbitrary code execution. The     vendor notes that one possible attack vector is a     man-in-the-middle attack while the application browses     the 'iTunes Store'. (CVE-2011-3102, CVE-2012-0841,     CVE-2012-2807, CVE-2012-2825, CVE-2012-2870,     CVE-2012-2871, CVE-2012-5134, CVE-2013-1037,     CVE-2013-1038, CVE-2013-1039, CVE-2013-1040,     CVE-2013-1041, CVE-2013-1042, CVE-2013-1043,     CVE-2013-1044, CVE-2013-1045, CVE-2013-1046,     CVE-2013-1047, CVE-2013-2842, CVE-2013-5125,     CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)

  - An error exists related to text tracks in movie files     that could allow denial of service or arbitrary code     execution. (CVE-2013-1024)

  - An error exists related to the iTunes Tutorials window     that could allow an attacker in a privileged network     location to inject content. (CVE-2014-1242)

The version of Apple iTunes on the remote host is prior to version 11.1.2. It is, therefore, affected by multiple vulnerabilities :

  - An uninitialized memory access error exists in the     handling of text tracks. By using a specially crafted     movie file, a remote attacker can exploit this to cause     a denial of service or execute arbitrary code.
    (CVE-2013-1024)

  - The included versions of the WebKit, libxml, and libxslt     components in iTunes contain several errors that can     lead to memory corruption and arbitrary code execution.
    The vendor states that one possible vector is a man-in-     the-middle attack while the application browses the     'iTunes Store'.
    (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807,     CVE-2012-2825, CVE-2012-2870, CVE-2012-2871,     CVE-2012-5134, CVE-2013-1037, CVE-2013-1038,     CVE-2013-1039, CVE-2013-1040, CVE-2013-1041,     CVE-2013-1042, CVE-2013-1043, CVE-2013-1044,     CVE-2013-1045, CVE-2013-1046, CVE-2013-1047,     CVE-2013-2842, CVE-2013-5125, CVE-2013-5126,     CVE-2013-5127, CVE-2013-5128)

The version of Apple iTunes installed on the remote Windows host is older than 11.1.2. It is, therefore, potentially affected by several issues :

  - An uninitialized memory access issue exists in the     handling of text tracks, which could lead to memory     corruption and possibly arbitrary code execution.
    (CVE-2013-1024)

  - The included versions of WebKit, libxml, and libxslt     contain several errors that could lead to memory     corruption and possibly arbitrary code execution. The     vendor notes that one possible attack vector is a     man-in-the-middle attack while the application browses     the 'iTunes Store'.
    (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807,     CVE-2012-2825, CVE-2012-2870, CVE-2012-2871,     CVE-2012-5134, CVE-2013-1037, CVE-2013-1038,     CVE-2013-1039, CVE-2013-1040, CVE-2013-1041,     CVE-2013-1042, CVE-2013-1043, CVE-2013-1044,     CVE-2013-1045, CVE-2013-1046, CVE-2013-1047,     CVE-2013-2842, CVE-2013-5125, CVE-2013-5126,     CVE-2013-5127, CVE-2013-5128)

The remote host is running a version of Mac OS X 10.8 that is older than 10.8.4. The newer version contains numerous security-related fixes :

  - A local security-bypass vulnerability exists that affects the Disk Management component. The issue can be exploited by an unauthorized attacker to disable FileVault using the command-line. (CVE-2013-0985)

  - A security-bypass vulnerability in SMB file sharing can occur whereby an authenticated attacker can write files outside the shared directory. (CVE-2013-0990)

  - A remote buffer-overflow vulnerability exists when handling certain PICT images. (CVE-2013-0975)

  - A security-bypass vulnerability exists whereby an attacker with access to a user's session may be able to log into previously accessed sites. An attacker can exploit this issue even if Private Browsing was used. (CVE-2013-0982)

  - A remote-code execution issue affects the text glyphs because of an unbounded stack allocation when handling maliciously crafted URLs. (CVE-2013-0983)

  - A remote-code execution vulnerability exists due to improper handling of text tracks. (CVE-2013-1024)

  - A buffer-overflow vulnerability exists in the Directory Service daemon that can be exploited via a specially crafted network message. (CVE-2013-0984)

The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-002 applied.  This update contains numerous security-related fixes for the following components :

  - CoreMedia Playback (10.7 only)
  - Directory Service (10.6 only)
  - OpenSSL
  - QuickDraw Manager
  - QuickTime
  - Ruby (10.6 only)
  - SMB (10.7 only)

The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.4. The newer version contains multiple security-related fixes for the following components :

  - CFNetwork
  - CoreAnimation
  - CoreMedia Playback
  - CUPS
  - Disk Management
  - OpenSSL
  - QuickDraw Manager
  - QuickTime
  - SMB

Versions of iTunes earlier than 11.1.4 are reportedly affected by the following vulnerabilities:

  - An uninitialized memory access issue in the handling of text tracks could be leveraged for arbitrary code execution via a malicious movie file.

  - Multiple memory corruption issues exist in WebKit, which can be leveraged for arbitrary code execution via a man-in-the-middle attack.

  - Multiple memory corruption issues exist in the libxml library, which could be leveraged to execute arbitrary code via a man-in-the-middle attack; this library has since been updated.

  - Multiple memory corruption issues exist in the libxslt library, which could be leveraged to execute arbitrary code via a man-in-the-middle attack; this library has since been updated.

ID	Name	Product	Family	Severity
72105	Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
72104	Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
70589	Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
70588	Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
801016	Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)	Log Correlation Engine	Operating System Detection	high
6857	Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)	Nessus Network Monitor	Web Clients	critical
66809	Mac OS X Multiple Vulnerabilities (Security Update 2013-002)	Nessus	MacOS X Local Security Checks	critical
66808	Mac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
8095	iTunes for Windows < 11.1.4 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high

Detections

Analytics

CVE-2013-1024

high

Tenable Plugins

high

high

high

high

high

critical

critical

high

high