VID 28133
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description According to its version number, the installed iTunes for Windows has a local code execution vulnerability. Apple iTunes 4.7.1.30 and iTunes 5 for Windows could allow a local attacker to obtain elevated privileges. The cause is an error in the way iTunes launches its helper application and searches system paths, using the "CreateProcess()" and "CreateProcessAsUser()" functions, to determine the program to run. A local attacker can create a malicious program with the same name as the intended application. If the program is placed in the appropriate directory and the iTunes helper application is executed by the target user, the malicious program will be executed with the privileges of the target user.
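
For auditing your own launch code, the following added example (not part of the original advisory or of Apple's code) models the path search described above. It assumes the behaviour Microsoft documents for CreateProcess() when lpApplicationName is NULL and the command line is unquoted; the function names and the sample path are constructed for illustration.

```python
import os

def createprocess_candidates(command_line):
    """Module paths in the order CreateProcess() tries them when
    lpApplicationName is NULL (documented space-splitting behaviour)."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        # A quoted module name is unambiguous: exactly one candidate.
        end = cmd.find('"', 1)
        return [cmd[1:end] if end != -1 else cmd[1:]]
    tokens = cmd.split(" ")
    candidates = []
    for i in range(1, len(tokens) + 1):
        if not tokens[i - 1]:
            continue  # empty token produced by consecutive spaces
        path = " ".join(tokens[:i])
        # ".exe" is appended when the file name has no extension.
        if "." not in path.rsplit("\\", 1)[-1]:
            path += ".exe"
        candidates.append(path)
    return candidates

def audit_launch(command_line, intended, exists=os.path.exists):
    """Return (shadow_paths, present): every path that would be tried
    before the intended binary, and the subset that exists on disk."""
    candidates = createprocess_candidates(command_line)
    lowered = [c.lower() for c in candidates]  # Windows paths: case-insensitive
    target = intended.lower()
    cut = lowered.index(target) if target in lowered else len(candidates)
    shadows = candidates[:cut]
    return shadows, [p for p in shadows if exists(p)]

if __name__ == "__main__":
    # Constructed sample path, not taken from the advisory.
    intended = r"C:\Program Files\Example App\helper tool.exe"
    for cmd in (intended, '"%s" /background' % intended):
        shadows, present = audit_launch(cmd, intended)
        print(cmd)
        print("  tried before the intended binary:", shadows)
        print("  present on this host:", present)
```

An empty first list means the launch is unambiguous; any entry in the second list is a file that would run in place of the helper and should be investigated.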

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.

* References:
http://lists.apple.com/archives/security-announce/2005/Nov/msg00001.html
http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities
http://www.frsirt.com/english/advisories/2005/2443
http://www.securitytracker.com/alerts/2005/Nov/1015222.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041475.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033909.html

* Platforms Affected:
Apple Computer, Inc., iTunes 4.7.1.30 and iTunes 5
Microsoft Windows Any version
Recommendation Upgrade to iTunes 6 for Windows, available from the Apple Download Web site at http://www.apple.com/itunes/download/
Related URL CVE-2005-2938 (CVE)
Related URL 15446 (SecurityFocus)
Related URL 23094 (ISS)