Apple iTunes For Windows iTunesHelper.exe Path Subversion Local Privilege Escalation (uncredentialed check)

High Nessus Plugin ID 20218


The remote host contains an application that is affected by a local code execution flaw.


According to its banner, the version of Apple iTunes for Windows on the remote host launches a helper application by searching for it through various system paths. By placing a malicious program in a system path, an attacker with local access can exploit this behavior to execute code before the helper application and thereby gain privileges.


Upgrade to Apple iTunes 6 for Windows or later.

See Also

Plugin Details

Severity: High

ID: 20218

File Name: itunes_code_exec.nasl

Version: $Revision: 1.19 $

Type: remote

Published: 2005/11/16

Modified: 2015/08/03

Dependencies: 20217

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:itunes

Required KB Items: iTunes/sharing

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2005/11/15

Vulnerability Publication Date: 2005/11/15

Reference Information

CVE: CVE-2005-2938

BID: 15446

OSVDB: 20988