This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote host contains an application that is affected by multiple
The version of Apple iTunes installed on the remote Windows host is
prior to 12.4.2. It is, therefore, affected by multiple
- Multiple memory corruption issues exist in the libxslt
component due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
this to cause a denial of service condition or the
execution of arbitrary code. (CVE-2016-1684,
CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,
- Multiple memory corruption issues exist in the libxml2
component that allow a remote attacker to cause a denial
of service condition or the execution of arbitrary code.
(CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,
CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,
- An XXE (XML External Entity) injection vulnerability
exists in the libxml2 component due to an incorrectly
configured XML parser accepting XML external entities
from an untrusted source. A remote attacker can exploit
this, via a specially crafted XML file, to disclose
arbitrary files and user information. (CVE-2016-4449)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Upgrade to Apple iTunes version 12.4.2 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false
Nessus Plugin ID: 92410
CVE ID: CVE-2016-1684