iTunes < 4.8.0 MPEG-4 Parsing Overflow (Mac OS X)

Severity: High, Nessus Plugin ID 18214

Synopsis

The remote host has an application that is affected by a buffer overflow vulnerability.

Description

The remote host is running a version of iTunes older than 4.8.0. Such versions reportedly fail to perform certain validation checks on MPEG-4 files, which could make it possible to trigger a buffer overflow. Successful exploitation of this issue could lead to a denial of service or arbitrary code execution on the remote system.

Solution

Upgrade to iTunes 4.8.0

See Also

http://www.securityfocus.com/advisories/8545

Plugin Details

Severity: High

ID: 18214

File Name: macosx_iTunes_Overflow2.nasl

Version: 1.16

Type: local

Agent: macosx

Published: 5/9/2005

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apple:itunes

Required KB Items: iTunes/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 5/9/2005

Vulnerability Publication Date: 5/9/2005

Reference Information

CVE: CVE-2005-1248

BID: 13565