Summary
This host has iTunes installed, which is prone to a buffer overflow vulnerability.
Impact
Successful exploitation could allow the attacker to execute arbitrary code in the context of an application. Failed exploit attempts will result in a denial-of-service condition.
Impact Level: Application
Solution
Upgrade to Apple iTunes version 9.2.1 or later.
For updates, refer to http://www.apple.com/itunes/download/
Insight
The flaw exists in the handling of 'itpc:' URLs. Such a URL, when loaded by the user, will trigger a buffer overflow and execute arbitrary code on the target system.
Affected
Apple iTunes versions prior to 9.2.1
Severity
Classification
- CVE: CVE-2010-1777
- CVSS Base Score: 9.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Reader Buffer Overflow Vulnerability Sep09 (Win)
- Adobe Reader 'mailListIsPdf' Buffer Overflow Vulnerability (Linux)
- Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
- CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities