iTunes < 9.1 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 5491

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

The remote version of iTunes is older than 9.1. Such versions may be affected by multiple vulnerabilities :

- A buffer underflow in ImageIO's handling of TIFF images may lead to an application crash or arbitrary code execution. (CVE-2009-2285)

- An integer overflow in the application's handling of images with an embedded color profile may lead to an application crash or arbitrary code execution. (CVE-2010-0040)

- An uninitialized memory access issue in ImageIO's handling of BMP images may result in sending data from Safari's memory to a website under an attacker's control. (CVE-2010-0041)

- An uninitialized memory access issue in ImageIO's handling of TIFF images may result in sending data from Safari's memory to a website under an attacker's control. (CVE-2010-0042)

- A memory corruption issue in the application's handling of TIFF images may lead to an application crash or arbitrary code execution. (CVE-2010-0043)

- An infinite loop in the application's handling of imported MP4 podcast files may lead to an application crash and prevent subsequent operation. (CVE-2010-0531)

- A race condition during the installation process may allow a local user modify a file that is then executed with SYSTEM privileges. (CVE-2010-0532)

- A path searching issue may allow code execution if an attacker can place a specially crafted DLL in a directory and have a user open anothe file using iTunes in that directory. (CVE-2010-1795)

- Syncing a mobile device may allow a local user to gain the priviliges of the console user due to an insecure file operation in the handling of log files. (CVE-2010-1768)

Solution

Upgrade to iTunes 9.1 or later.

See Also

http://support.apple.com/kb/HT4105

http://lists.apple.com/archives/security-announce/2010/mar/msg00003.html

http://www.securityfocus.com/advisories/19388

Plugin Details

Severity: High

ID: 5491

Family: Web Clients

Published: 2010/03/31

Modified: 2016/01/15

Dependencies: 1735, 8314

Nessus ID: 45389, 45390, 45391

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:itunes

Patch Publication Date: 2010/03/30

Vulnerability Publication Date: 2010/03/30

Reference Information

CVE: CVE-2009-2285, CVE-2010-0040, CVE-2010-0041, CVE-2010-0042, CVE-2010-0043, CVE-2010-0531, CVE-2010-0532, CVE-2010-1768, CVE-2010-1795

BID: 38673, 38674, 38676, 38677, 39092, 39113, 42538, 42541