PT-2006-2475 · Apple · iTunes

Published 2006-06-29 · Updated 2018-10-18 · CVE-2006-1467

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
iTunes versions prior to 6.0.5

Description
An integer overflow in the AAC file parsing code allows remote user-assisted attackers to execute arbitrary code via a specially crafted AAC file. The file must contain a sample table size (STSZ) atom with a "malformed" sample size table value. Exploitation requires the user to open the malicious AAC file.

Recommendations
For versions prior to 6.0.5, update to version 6.0.5 or later to resolve the issue.

Related Identifiers

CVE-2006-1467

Affected Products

iTunes