Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

iTunes < 10.6.3 Multiple Vulnerabilities

High

Synopsis

The remote host contains a multimedia application that has multiple vulnerabilities.

Description

The remote host has iTunes installed, a popular media player for Windows and Mac OS.

Versions of iTunes earlier than 10.6.3 are reportedly affected by the following issues:

- A memory corruption issue exists in WebKit that can allow malicious websites to crash the application and possibly execute arbitrary code. (CVE-2012-0672)

- A heap-based buffer overflow exists related to the handling of 'm3u' playlist files. This error can cause the application to crash or possibly allow arbitrary code execution. (CVE-2012-0677)

Solution

Upgrade to iTunes 10.6.3 or later.