
iTunes < 9.0.1 Remote Code Execution

Medium

Synopsis

The remote host is vulnerable to a remote code execution attack.

Description

According to its banner, the version of iTunes installed on the remote host is older than 9.0.1. Such versions are potentially affected by a remote buffer overflow when opening specially crafted '.pls' files. An attacker could exploit this flaw to execute arbitrary code on the remote host subject to the privileges of the user running the application.

Solution

Upgrade to iTunes 9.0.1 or later.