iTunes < 4.8.0 MPEG-4 Parsing Overflow (Mac OS X)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by a buffer
overflow vulnerability.

Description :

The remote host is running a version of iTunes that is older than
version 4.8.0. Such versions reportedly fail to perform certain
validation checks on MPEG-4 files, which could make it possible
to trigger a buffer overflow. Successful exploitation of this
issue could lead to a denial of service or arbitrary code
execution on the remote system.

See also :

http://www.securityfocus.com/advisories/8545

Solution :

Upgrade to iTunes 4.8.0

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 18214 (macosx_iTunes_Overflow2.nasl)

Bugtraq ID: 13565

CVE ID: CVE-2005-1248