Apple iTunes For Windows iTunesHelper.exe Path Subversion Local Privilege Escalation (credentialed check)
High Nessus Plugin ID 20219
SynopsisThe remote host contains an application that is affected by a local code execution flaw.
DescriptionThe version of Apple iTunes for Windows on the remote host launches a helper application by searching for it through various system paths.
An attacker with local access can leverage this issue to place a malicious program in a system path and have it called before the helper application.
SolutionUpgrade to Apple iTunes 6 for Windows or later.