Summary
This host has Apple iTunes installed, which is prone to Buffer Overflow vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary code within the context of the affected application, failed exploit attempts will result in a denial of service condition.
Impact Level: Application
Solution
Upgrade to Apple iTunes Version 9.0.1
http://www.apple.com/itunes/download
Insight
The flaw exists in the handling of specially crafted '.pls' files. It fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Affected
Apple iTunes version prior to 9.0.1 on Windows.
References
Severity
Classification
-
CVE CVE-2009-2817 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- avast! 'aswRdr.sys' Buffer Overflow Vulnerability
- Beatport Player '.m3u' File Buffer Overflow Vulnerability
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)
- Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
- CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability