iTunes for Windows < 12.3 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8958

Synopsis

The remote host is running a version of iTunes that is vulnerable to multiple vulnerabilities.

Description

Versions of iTunes earlier than 12.3 are affected by multiple vulnerabilities which include :

- A flaw exists in Microsoft Foundation Class's handling of library loading due to the use of a fixed path. An attacker can place a custom version of the file or library in the path, and the program will load it before the legitimate version. Thus, an attacker can leverage this flaw to execute custom code. (CVE-2010-3190)
- International Components for Unicode for C/C++ (ICU4C) contains several flaws. An overflow condition exists in the resolveImplicitLevels() function in 'ubidi.c', which is triggered as user-supplied input is not properly validated. Additionally, an integer truncation flaw exists in the same function in 'ubidi.c'. Either flaw may allow an attacker to crash an application linked against the library or potentially execute arbitrary code. (CVE-2014-8146, CVE-2014-8147, CVE-2015-5922)
- A flaw exists in CoreText that is triggered as user-supplied input is not properly validated when handling text and font files. This may allow a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2015-1157, CVE-2015-5874, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-5755, CVE-2015-5761)
- A flaw exists that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-1152, CVE-2015-1153, CVE-2015-3730, CVE-2015-3731, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5798, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5808, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5821, CVE-2015-5822, CVE-2015-5823)
- An unspecified flaw exists that is triggered during the handling of network connection redirects. This may allow a remote man-in-the-middle attacker to gain access to hashed SMB credential information. (CVE-2015-5920)

Solution

Upgrade to Apple iTunes 12.3 or later.

See Also

https://support.apple.com/en-us/HT205221

Plugin Details

Severity: High

ID: 8958

Family: Web Clients

Published: 2015/10/23

Modified: 2015/10/23

Dependencies: 3820

Nessus ID: 86001

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:itunes

Patch Publication Date: 2015/09/16

Vulnerability Publication Date: 2015/09/16

Reference Information

CVE: CVE-2010-3190, CVE-2014-8146, CVE-2015-1157, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-5755, CVE-2015-5761, CVE-2015-1152, CVE-2015-1153, CVE-2015-3730, CVE-2015-3731, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5798, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5808, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5821, CVE-2015-5822, CVE-2015-5823, CVE-2015-5874, CVE-2015-5920

BID: 42811, 72288, 74457, 74523, 74525, 75491, 76338, 76343, 76763, 76764, 76765, 76766