SynopsisThe remote host contains a multimedia application that has multiple vulnerabilities.
DescriptionThe version of Apple iTunes on the remote host is prior to version 10.2.2. It is, therefore, affected by multiple vulnerabilities in the WebKit component :
- An integer overflow vulnerability exists in the handling of nodesets that can be exploited by a remote attacker to execute arbitrary code. (CVE-2011-1290)
- A use-after-free vulnerability exists in the handling of text nodes that can be exploited by a remote attacker to execute arbitrary code. (CVE-2011-1344)
Note that these only affect WebKit for Windows.
SolutionUpgrade to Apple iTunes 10.2.2 or later.