iTunes < 4.8.0 MPEG-4 Parsing Overflow (Mac OS X)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that is affected by buffer overflow

Description :

The remote host is running a version of iTunes which is older than
version 4.8.0. Such versions reportedly fail to perform certain
validation checks on MPEG4 files, and hence it could be possible
to trigger a buffer overflow condition. Successful exploitation of
this issue could lead to a denial of service condition or arbitrary
code execution on the remote system.

See also :

Solution :

Upgrade to iTunes 4.8.0

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.3
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 18214 (macosx_iTunes_Overflow2.nasl)

Bugtraq ID: 13565

CVE ID: CVE-2005-1248