Apple iTunes 8.1.x (daap) remote buffer overflow exploit that binds a shell to port 4444.
2bb5bfe2e71d4174f29903dbbe4432af6a53097f6a819366afce1e705044cd72
This Metasploit modules exploits a stack-based buffer overflow in iTunes itms:// URL parsing. It is accessible from the browser and in Safari, itms urls will be opened in iTunes automatically. Because iTunes is multithreaded, only vfork-based payloads should be used.
3cb12bf18862a6b8d19ec162dc207e19cb5f515c8eb78c636ca9c004868e964d
Apple iTunes version 8.1.1.10 itms/itcp buffer overflow exploit for Microsoft Windows.
140b17c3410e2700b0f0b0f6aba6cda0e9899e7773db6b0f7c41bb673a524261
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple iTunes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the URL handlers associated with iTunes. When processing URLs via the protocol handlers "itms", "itmss", "daap", "pcast", and "itpc" an exploitable stack overflow occurs. Successful exploitation can lead to a remote system compromise under the credentials of the currently logged in user.
8d637afa2075e90e1be84aa4abb5915cf1bc7f9771a686d21746d62b6f3f9b6d