Family: Gain a shell remotely --> Category: infos
iTunes AAC File Integer Overflow Vulnerability (network check) Vulnerability Scan
Vulnerability Scan Summary : Check the version of iTunes
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host contains an application that is affected by a remote
code execution flaw.
Description :
The remote host appears to be running iTunes, a popular jukebox program.
The remote version of iTunes is vulnerable to an integer overflow when
it parses a specially crafted AAC file. By tricking a user into
opening such a file, a remote attacker may be able to leverage this
issue to execute arbitrary code on the affected host, subject to the
rights of the user running the application.
See also :
http://www.securityfocus.com/advisories/10781
http://lists.apple.com/archives/security-announce//2006/Jun/msg00001.html
Solution :
Upgrade to iTunes 6.0.5 or later.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)