Apple ITunes Multiple Vulnerabilities Network Vulnerability

Summary

This host has Apple iTunes installed, which is prone to multiple vulnerabilities.

Impact

This issue may be exploited to gain the user's itune credentials when subscribing to a malicious podcast and to cause denial of service. Impact Level: Application

Solution

Upgrade to iTunes Version 8.1 http://www.apple.com/itunes/download

Insight

- the origin of an authentication request is not properly informed to the user. - an error is generated while processing a Digital Audio Access Protocol (DAAP) message containing specially crafted Content-Length parameter in the header of a DAAP message.

Affected

Apple iTunes version prior to 8.1.0.51 on Windows.

References

http://secunia.com/advisories/34254
http://support.apple.com/kb/HT3487

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0016, CVE-2009-0143
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache APR-Utils Multiple Denial of Service Vulnerabilities
ClamAV 'cli_pdf()' and 'cli_scanicon()' Denial of Service Vulnerabilities (Win
chm2pdf Insecure Temporary File Creation or DoS Vulnerability
ddrLPD Remote Denial of Service Vulnerability
Beckhoff TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability

Apple iTunes Multiple Vulnerabilities

Take action and discover your vulnerabilities