VDB
CVE-2006-1467
CVE-2006-1467
PUBLISHED
CVSS 5.099999904632568 MEDIUM
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value.
EPSS 29.73% · 96.7th percentile
Risk Scores
CVSS 2.0
5.099999904632568
EPSS Score
29.73%
96.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| apple | itunes | 0 |
Timeline
- Jun 29, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- ADV-2006-2601 vdb
- 1016413 vdb
- http://www.zerodayinitiative.com/advisories/ZDI-06-020.html url
- 20891 third-party-advisory
- VU#907836 third-party-advisory
- 20060630 ZDI-06-020: Apple iTunes AAC File Parsing Integer Overflow Vulnerability mailing-list
- APPLE-SA-2006-06-29 vendor-advisory
- itunes-aac-file-overflow(27481) vdb
- 18730 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2006-1467 advisory