Apple ITunes Multiple Vulnerabilities Network Vulnerability

Summary

This host has Apple iTunes installed, which is prone to multiple vulnerabilities.

Impact

This issue may be exploited to gain the user's itune credentials when subscribing to a malicious podcast and to cause denial of service. Impact Level: Application

Solution

Upgrade to iTunes Version 8.1 http://www.apple.com/itunes/download

Insight

- the origin of an authentication request is not properly informed to the user. - an error is generated while processing a Digital Audio Access Protocol (DAAP) message containing specially crafted Content-Length parameter in the header of a DAAP message.

Affected

Apple iTunes version prior to 8.1.0.51 on Windows.

References

http://secunia.com/advisories/34254
http://support.apple.com/kb/HT3487

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0016, CVE-2009-0143

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Acrobat PDF File Denial Of Service Vulnerability
FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
ddrLPD Remote Denial of Service Vulnerability
CUPS Empty UDP Datagram DoS Vulnerability
Comodo Internet Security Denial of Service Vulnerability-05

Apple iTunes Multiple Vulnerabilities

Take action and discover your vulnerabilities