Apple iTunes < 7.4 Malformed Music File Heap Overflow (uncredentialed check)
High Nessus Plugin ID 26000
Synopsis
The remote host contains an application that is affected by a code execution vulnerability.
Description
The version of Apple iTunes on the remote host is prior to version 7.4. It is, therefore, affected by a heap overflow vulnerability when it parses specially crafted MP4/AAC files. By convincing a user to open such a file, a remote attacker can execute arbitrary code with the same level of privileges as the user.
Solution
Upgrade to Apple iTunes 7.4 or later.