VID |
28236 |
Severity |
40 |
Port |
3689 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of iTunes older than 8.2 is installed on the remote host. Such versions are affected by a stack-based buffer overflow that can be triggered when parsing 'itms:' URLs. If an attacker can trick a user on the affected host into clicking a malicious link, the attacker can leverage this issue to crash the affected application or to execute arbitrary code on the affected system, subject to the user's privileges.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, which results in a false negative for all vulnerable hosts.
* References: http://support.apple.com/kb/HT3592 http://lists.apple.com/archives/security-announce/2009/jun/msg00001.html
* Platforms Affected: Apple Computer, Inc., iTunes versions prior to 8.2; Microsoft Windows (any version); Mac OS X |
Recommendation |
Upgrade to the latest version of iTunes (8.2 or later), available from the Apple Download Web site at http://www.apple.com/itunes/download/ |
Related URL |
CVE-2009-0950 (CVE) |
Related URL |
35157 (SecurityFocus) |
Related URL |
(ISS) |
|