iTunes for Windows < 11.1.4 Multiple Vulnerabilities
PVS ID: 8095 FAMILY: Web Clients RISK: MEDIUM NESSUS ID:Not Available
Description: Synopsis :\n\nThe remote host is running a multimedia application that is out of date and thus may contain vulnerabilities.\n\nVersions of iTunes earlier than 11.1.4 are reportedly affected by the following vulnerabilities:\n\n - An uninitialized memory access issue in the handling of text tracks could be leveraged for arbitrary code execution via a malicious movie file.\n\n - Multiple memory corruption issues exist in WebKit, which can be leveraged for arbitrary code execution via a man-in-the-middle attack.\n\n - Multiple memory corruption issues exist in the libxml library, which could be leveraged to execute arbitrary code via a man-in-the-middle attack; this library has since been updated.\n\n - Multiple memory corruption issues exist in the libxslt library, which could be leveraged to execute arbitrary code via a man-in-the-middle attack; this library has since been updated.\n\nFor your information, the version of iTunes detected was: \n%L

Solution: Upgrade to iTunes 11.1.4 or later.

CVE-2012-2871


Copyright Tenable Network Security Inc. 2014