Summary
This host has iTunes installed, which is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow an attacker to cause a denial of service and obtain system privileges during installation.
Impact Level: Application
Solution
Upgrade to Apple iTunes version 9.1 or later. For updates, refer to http://www.apple.com/itunes/download/
Insight
Multiple flaws are due to:
- An infinite loop issue in the handling of 'MP4' files. A maliciously crafted podcast may be able to cause an infinite loop in iTunes, and prevent its operation even after it is relaunched.
- A privilege escalation issue in the Windows installation package. During the installation process, a race condition may allow a local user to modify a file that is then executed with system privileges.
Affected
Apple iTunes versions prior to 9.1 (9.1.0.79)
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2010-0531, CVE-2010-0532
- CVSS Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)