CVE-2011-3252

Name of the Vulnerable Software and Affected Versions Apple iTunes versions prior to 10.5

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service, specifically an application crash, by providing a crafted Advanced Audio Coding (AAC) stream. This is related to a buffer overflow in CoreAudio.

Recommendations For versions prior to 10.5, update to version 10.5 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Advanced Audio Coding (AAC) streams until the update is applied.