VID |
28278 |
Severity |
40 |
Port |
3689 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of iTunes older than 9.2.1 is installed on the remote host. Such versions may be affected by a buffer overflow vulnerability in the handling of 'itpc:' URLs, which may allow an attacker to execute arbitrary code on the remote host. To exploit this vulnerability, an attacker would need to send a malformed itpc: link to a user on the remote host and wait for the user to click on it.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check will not be performed, resulting in a false negative for all vulnerable hosts.
* References: http://support.apple.com/kb/HT4263
* Platforms Affected: Apple Computer, Inc., iTunes versions prior to 9.2.1; Microsoft Windows XP SP2/SP3; Microsoft Windows Vista/7; Prior to Mac OS X 10.4.11 |
Recommendation |
Upgrade to the latest version of iTunes (9.2.1 or later), available from the Apple Download Web site at http://www.apple.com/itunes/download/ |
Related URL |
CVE-2010-1777 (CVE) |
Related URL |
41789 (SecurityFocus) |
Related URL |
(ISS) |
|