iTunes < 9.2 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5573
SynopsisThe remote host contains an application that is vulnerable to multiple attack vectors.
DescriptionVersions of iTunes older than 9.2 are potentially affected by multiple vulnerabilities :
- A heap buffer overflow in the handling of images with an embedded ColorSync profile may lead to an application crash or arbitrary code execution. (CVE-2009-1726)
- Multiple integer overflows in ImageIO's handling of TIFF files may lead to an application crash or arbitrary code execution. (CVE-2010-1411)
- Multiple vulnerabilities in WebKit may have a variety of effects, including arbitrary code execution. (CVE-2010-0544, CVE-2010-1119, CVE-2010-1387, CVE-2010-1390, CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1749, CVE-2010-1758, CVE-2010-1759, CVE-2010-1761, CVE-2010-1763, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1774)
SolutionUpgrade to iTune 9.2 or later.