iTunes for Windows < 11.1.4 Multiple Vulnerabilities

Medium

Synopsis

The remote host is running a multimedia application that is out of date and thus may contain vulnerabilities.

Description

Versions of iTunes earlier than 11.1.4 are reportedly affected by the following vulnerabilities:

- An uninitialized memory access issue in the handling of text tracks could be leveraged for arbitrary code execution via a malicious movie file.

- Multiple memory corruption issues exist in WebKit, which could be leveraged for arbitrary code execution via a man-in-the-middle attack.

- Multiple memory corruption issues exist in the libxml library, which could be leveraged to execute arbitrary code via a man-in-the-middle attack; this library has since been updated.

- Multiple memory corruption issues exist in the libxslt library, which could be leveraged to execute arbitrary code via a man-in-the-middle attack; this library has since been updated.

Solution

Upgrade to iTunes 11.1.4 or later.