iTunes < 10.6.3 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 6500
SynopsisThe remote host contains a multimedia application that has multiple vulnerabilities.
DescriptionThe remote host has iTunes installed, a popular media player for Windows and Mac OS.
Versions of iTunes earlier than 10.6.3 are reportedly affected by the following issues:
- A memory corruption issue exists in WebKit that can allow malicious websites to crash the application and possibly execute arbitrary code. (CVE-2012-0672)
- A heap-based buffer overflow exists related to the handling of 'm3u' playlist files. This error can cause the application to crash or possibly allow arbitrary code execution. (CVE-2012-0677)
SolutionUpgrade to iTunes 10.6.3 or later.