Detections
Analytics
Apple iTunes < 11.1 Multiple Vulnerabilities (credentialed check)
high Nessus Plugin ID 70026
Language:
Synopsis
The remote host contains an application that is affected by a code execution vulnerability.Description
The version of Apple iTunes installed on the remote Windows host is older than 11.1. It is, therefore, affected by a memory corruption issue in the iTunes ActiveX control, which could lead to the application terminating or arbitrary code execution.Solution
Upgrade to Apple iTunes 11.1 or later.See Also
https://support.apple.com/en-us/HT202814
https://lists.apple.com/archives/security-announce/2013/Sep/msg00005.html
https://www.securityfocus.com/archive/1/528716/30/0/threaded
Plugin Details
Severity: High
ID: 70026
File Name: itunes_11_1.nasl
Version: 1.5
Type: local
Agent: windows
Family: Windows
Published: 9/20/2013
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:apple:itunes
Required KB Items: SMB/iTunes/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 9/18/2013
Vulnerability Publication Date: 9/18/2013
Reference Information
CVE: CVE-2013-1035
BID: 62486
APPLE-SA: APPLE-SA-2013-09-18-1