Apple iTunes For Windows iTunesHelper.exe Path Subversion Local Privilege Escalation (uncredentialed check)
High Nessus Plugin ID 20218
SynopsisThe remote host contains an application that is affected by a local code execution flaw.
DescriptionAccording to its banner, the version of Apple iTunes for Windows on the remote host launches a helper application by searching for it through various system paths. By placing a malicious program in a system path, an attacker with local access can exploit this behavior to execute code before the helper application and thereby gain privileges.
SolutionUpgrade to Apple iTunes 6 for Windows or later.