iTunes < 10.2 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 5806

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

The remote host has iTunes installed, a popular media player for Windows and Mac OS.

Versions of iTunes earlier than 10.2 are potentially affected by numerous issues in the following components:

- ImageIO

- libxml

- WebKit

Note that these issues only affect iTunes on Windows.

Solution

Upgrade to iTunes 10.2 or later.

See Also

http://support.apple.com/kb/HT4554

http://lists.apple.com/archives/security-announce/2011/mar/msg00000.html

Plugin Details

Severity: High

ID: 5806

Family: Web Clients

Published: 3/3/2011

Updated: 3/6/2019

Nessus ID: 52534, 52535

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*

Patch Publication Date: 3/2/2011

Vulnerability Publication Date: 6/25/2010

Reference Information

CVE: CVE-2010-1205, CVE-2010-2249, CVE-2011-0192, CVE-2010-4008, CVE-2010-4494, CVE-2011-0191, CVE-2010-1824, CVE-2011-0150, CVE-2011-0120, CVE-2011-0130, CVE-2011-0119, CVE-2011-0152, CVE-2011-0151, CVE-2011-0140, CVE-2011-0113, CVE-2011-0114, CVE-2011-0147, CVE-2011-0127, CVE-2011-0125, CVE-2011-0112, CVE-2011-0138, CVE-2011-0165, CVE-2011-0170, CVE-2011-0111, CVE-2011-0115, CVE-2011-0116, CVE-2011-0117, CVE-2011-0118, CVE-2011-0121, CVE-2011-0122, CVE-2011-0123, CVE-2011-0124, CVE-2011-0126, CVE-2011-0128, CVE-2011-0129, CVE-2011-0131, CVE-2011-0132, CVE-2011-0133, CVE-2011-0134, CVE-2011-0135, CVE-2011-0136, CVE-2011-0137, CVE-2011-0139, CVE-2011-0141, CVE-2011-0142, CVE-2011-0143, CVE-2011-0144, CVE-2011-0145, CVE-2011-0146, CVE-2011-0148, CVE-2011-0149, CVE-2011-0153, CVE-2011-0154, CVE-2011-0155, CVE-2011-0156, CVE-2011-0164, CVE-2011-0168

BID: 41174, 44779, 46657, 46658, 46677, 46654, 46659, 46684, 46686, 46687, 46688, 46689, 46690, 46691, 46692, 46693, 46694, 46695, 46696, 46698, 46699, 46700, 46701, 46702, 46703, 46704, 46705, 46706, 46707, 46708, 46709, 46710, 46711, 46712, 46713, 46714, 46715, 46716, 46717, 46718, 46719, 46720, 46721, 46722, 46723, 46724, 46725, 46726, 46727, 46728, 46744, 46745, 46746, 46747, 46748, 46749

IAVA: 2012-A-0153, 2012-A-0073