iTunes < 7.4.0 MP4/AAC File covr atom Overflow
Medium Nessus Network Monitor Plugin ID 4204
SynopsisThe remote host is vulnerable to a buffer overflow.
DescriptionThe remote host is running iTunes - an application for managing and listening to music media files.
This version of iTunes is vulnerable to a buffer overflow due to the way that it processes malformed MP4/AAC files. An attacker exploiting this flaw would need to be able to entice an iTunes user into opening a malformed file. Successful exploitation would result in the attacker executing arbitrary code on the remote system.
SolutionUpgrade to version 7.4.0 or higher.