iTunes < 10.2.2 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 5894
SynopsisThe remote host contains an application that is vulnerable to multiple attack vectors.
DescriptionThe remote host has iTunes installed, a popular media player for Windows and Mac OS.
Versions of iTunes earlier than 10.2.2 are potentially affected by several issues :
- An integer overflow issue in the handling of nodesets could lead to a crash or arbitrary code execution. (CVE-2011-1290)
- A use after free issue in the handling of text nodes could lead to a crash or arbitrary code execution. (CVE-2011-1344)
SolutionUpgrade to iTunes 10.2.2 or later.