Apple iTunes < 8.1 Multiple Vulnerabilities (credentialed check)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains an application that is affected by
multiple vulnerabilities.

Description :

The version of Apple iTunes installed on the remote Windows host is
older than 8.1. Such versions may be affected by multiple
vulnerabilities :

- It may be possible to cause a denial of service by
sending a maliciously crafted DAAP header to the
application. (CVE-2009-0016)

- When subscribing to a podcast an authentication dialog
may be presented without clarifying the origin of the
authentication request. An attacker could exploit this
flaw in order to steal the user's iTunes credentials.

See also :

Solution :

Upgrade to Apple iTunes 8.1 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 35913 (itunes_8_1.nasl)

Bugtraq ID: 34094

CVE ID: CVE-2009-0016

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now