Apple iTunes < 8.1 Multiple Vulnerabilities (uncredentialed check)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.

Synopsis :

The remote host contains a multimedia application that has multiple

Description :

The version of Apple iTunes on the remote host is prior to version
8.1. It is, therefore, affected by multiple vulnerabilities :

- A remote attacker can cause a denial of service by
sending a maliciously crafted DAAP message. Note that
this vulnerability only affects iTunes running on a
Windows host. (CVE-2009-0016)

- When subscribing to a podcast, an authentication dialog
may be presented to the user without clarifying the
origin of the authentication request. An attacker could
exploit this flaw in order to steal the user's iTunes
credentials. (CVE-2009-0143)

Solution :

Upgrade to Apple iTunes 8.1 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Peer-To-Peer File Sharing

Nessus Plugin ID: 35914 (itunes_8_1_banner.nasl)

Bugtraq ID: 34094

CVE ID: CVE-2009-0016