Detections
Analytics
Apple iTunes AAC File Parsing Integer Overflow (credentialed check)
medium Nessus Plugin ID 21782
Synopsis
The remote Windows host contains an application that is affected by a remote code execution flaw.Description
The remote host is running Apple iTunes, a popular media player.The remote version of iTunes is vulnerable to an integer overflow when it parses a specially crafted AAC file. By tricking a user into opening such a file, a remote attacker may be able to leverage this issue to execute arbitrary code on the affected host, subject to the privileges of the user running the application.
Solution
Upgrade to Apple iTunes 6.0.5 or later.See Also
http://www.securityfocus.com/advisories/10781
https://lists.apple.com/archives/security-announce/2006/Jun/msg00001.html
Plugin Details
Severity: Medium
ID: 21782
File Name: itunes_605.nasl
Version: 1.19
Type: local
Agent: windows
Family: Windows
Published: 6/30/2006
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: Medium
Base Score: 5.1
Temporal Score: 3.8
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:apple:itunes
Required KB Items: SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 6/29/2006
Reference Information
CVE: CVE-2006-1467
BID: 18730