|
Family: Windows --> Category: infos
iTunes For Windows Local Code Execution Vulnerability (registry check) Vulnerability Scan
Vulnerability Scan Summary Checks for an local code execution vulnerability in iTunes for Windows
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host contains an application that is affected by a local
code execution flaw.
Description :
The version of iTunes for Windows on the remote host launches a helper
application by searching for it through various system paths. An
attacker with local access can leverage this issue to place a
malicious program in a system path and have it called before the
helper application.
See also :
http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities
http://lists.apple.com/archives/security-announce/2005/Nov/msg00001.html
Solution :
Upgrade to iTunes 6 for Windows or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|