Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

iTunes < 10.2.2 Multiple Vulnerabilities

High

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

The remote host has iTunes installed, a popular media player for Windows and Mac OS.

Versions of iTunes earlier than 10.2.2 are potentially affected by several issues :

- An integer overflow issue in the handling of nodesets could lead to a crash or arbitrary code execution. (CVE-2011-1290)

- A use after free issue in the handling of text nodes could lead to a crash or arbitrary code execution. (CVE-2011-1344)

Solution

Upgrade to iTunes 10.2.2 or later.