icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

iTunes < 11.1 ActiveX Memory Corruption

Medium

Synopsis

The remote host is running a multimedia application that contains a potential memory corruption vulnerability.

Description

Versions of iTunes earlier than 11.1 are reportedly affected by a memory corruption vulnerability that can be triggered via an ActiveX control. This is due to insufficient user input sanitation, by which a context-dependent attacker may execute arbitrary code or terminate the application.

Solution

Upgrade to iTunes 11.1 or later.