|
|
Family: Gain a shell remotely --> Category: infos
iTunes For Windows Local Code Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for an local code execution vulnerability in iTunes for Windows
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host contains an application that is affected by a local
code execution flaw.
Description :
According to its banner, the version of iTunes for Windows on the
remote host launches a helper application by searching for it through
various system paths. A possible hacker with local access can leverage this
issue to place a malicious program in a system path and have it called
before the helper application.
See also :
http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities
http://lists.apple.com/archives/security-announce/2005/Nov/msg00001.html
Solution :
Upgrade to iTunes 6 for Windows or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
