icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

iTunes < 10.6.3 Multiple Vulnerabilities

High

Synopsis

The remote host contains a multimedia application that has multiple vulnerabilities.

Description

The remote host has iTunes installed, a popular media player for Windows and Mac OS.

Versions of iTunes earlier than 10.6.3 are reportedly affected by the following issues:

- A memory corruption issue exists in WebKit that can allow malicious websites to crash the application and possibly execute arbitrary code. (CVE-2012-0672)

- A heap-based buffer overflow exists related to the handling of 'm3u' playlist files. This error can cause the application to crash or possibly allow arbitrary code execution. (CVE-2012-0677)

Solution

Upgrade to iTunes 10.6.3 or later.