Family: MacOS X Local Security Checks --> Category: infos
iTunes AAC File Integer Overflow Vulnerability (Mac OS X) Vulnerability Scan
Vulnerability Scan Summary :
Check the version of iTunes
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host contains an application that is affected by a remote
code execution flaw.
Description :
The remote host is running iTunes, a popular jukebox program.
The remote version of this software is vulnerable to an integer
overflow when it parses specially crafted AAC files, which may
lead to the execution of arbitrary code.
An attacker may exploit this flaw by sending a malformed AAC
file to a user on the remote host and waiting for them to play it
with iTunes.
See also :
http://www.securityfocus.com/advisories/10781
Solution :
Upgrade to iTunes 6.0.5 or newer
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)