Detections
Analytics
Apple iTunes For Windows iTunesHelper.exe Path Subversion Local Privilege Escalation (credentialed check)
high Nessus Plugin ID 20219
Synopsis
The remote host contains an application that is affected by a local code execution flaw.Description
The version of Apple iTunes for Windows on the remote host launches a helper application by searching for it through various system paths.An attacker with local access can leverage this issue to place a malicious program in a system path and have it called before the helper application.
Solution
Upgrade to Apple iTunes 6 for Windows or later.See Also
http://www.nessus.org/u?1d16d359
https://lists.apple.com/archives/security-announce/2005/Nov/msg00001.html
Plugin Details
Severity: High
ID: 20219
File Name: itunes_code_exec_creds.nasl
Version: 1.18
Type: local
Agent: windows
Family: Windows
Published: 11/16/2005
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:apple:itunes
Required KB Items: SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 11/16/2005
Reference Information
CVE: CVE-2005-2938
BID: 15446