iTunes < 9.2 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 5573

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

Versions of iTunes older than 9.2 are potentially affected by multiple vulnerabilities :

- A heap buffer overflow in the handling of images with an embedded ColorSync profile may lead to an application crash or arbitrary code execution. (CVE-2009-1726)

- Multiple integer overflows in ImageIO's handling of TIFF files may lead to an application crash or arbitrary code execution. (CVE-2010-1411)

- Multiple vulnerabilities in WebKit may have a variety of effects, including arbitrary code execution. (CVE-2010-0544, CVE-2010-1119, CVE-2010-1387, CVE-2010-1390, CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1749, CVE-2010-1758, CVE-2010-1759, CVE-2010-1761, CVE-2010-1763, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1774)

Solution

Upgrade to iTune 9.2 or later.

See Also

http://support.apple.com/kb/HT4220

http://lists.apple.com/archives/security-announce/2010/jun/msg00002.html

Plugin Details

Severity: Medium

ID: 5573

Family: Web Clients

Published: 6/17/2010

Updated: 3/6/2019

Dependencies: 1735, 8314

Nessus ID: 47037, 47038

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*

Patch Publication Date: 6/16/2010

Vulnerability Publication Date: 6/16/2010

Reference Information

CVE: CVE-2010-1411, CVE-2010-1387, CVE-2010-1390, CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1758, CVE-2010-1759, CVE-2010-1761, CVE-2010-1770, CVE-2010-1771, CVE-2010-1774, CVE-2009-1726, CVE-2010-1119, CVE-2010-1749, CVE-2010-0544, CVE-2010-1399, CVE-2010-1769, CVE-2010-1763

BID: 40657, 40663, 40697, 40710, 41053, 41054, 41125