VID | 28233
Severity | 30
Port | 3689
Protocol | TCP
Class | SMB
Detailed Description | A version of the iTunes application earlier than 8.0, which is vulnerable to an integer buffer overflow, is running on the host. Apple iTunes versions prior to 8.0 could allow an attacker to obtain elevated privileges on the system due to an integer-overflow issue in a third-party driver provided with iTunes. A local attacker could exploit this vulnerability to cause a denial-of-service condition or execute arbitrary commands on the affected system with system privileges.
* References:
  http://support.apple.com/kb/HT3025
  http://lists.apple.com/archives/security-announce/2008/Sep/msg00001.html
  http://securitytracker.com/alerts/2008/Sep/1020839.html
* Platforms Affected:
  Apple Computer, Inc.: iTunes versions prior to 8.0
  Microsoft Windows: Any version
Recommendation | Upgrade to the latest version of iTunes (8.0 or later), available from the Apple Download Web site at http://www.apple.com/itunes/download/
Related URL | CVE-2008-3636 (CVE)
Related URL | 31089 (SecurityFocus)
Related URL | (ISS)