Apple iTunes < 8.2 itms: URI Handling Overflow (credentialed check)
High Nessus Plugin ID 38985
Synopsis
The remote Windows host contains an application that is affected by a buffer overflow vulnerability.
Description
The remote version of Apple iTunes is older than 8.2. Such versions are affected by a stack-based buffer overflow that can be triggered when parsing 'itms:' URLs. An attacker who tricks a user on the affected host into clicking a malicious link can leverage this issue to crash the affected application or to execute arbitrary code on the affected system, subject to the user's privileges.
Solution
Upgrade to Apple iTunes 8.2 or later.