Detections
Analytics
iTunes < 10.6 Multiple Vulnerabilities
high Nessus Network Monitor Plugin ID 6345
Synopsis
The remote host contains an application that is susceptible to a man-in-the-middle attack.Description
The remote host has iTunes installed, a popular media player for Windows and Mac OS.Versions of iTunes earlier than 10.6 are reportedly affected by numerous memory corruption vulnerabilities in its WebKit component. Note that these issues only affect iTunes on Windows.
Solution
Upgrade to iTunes 10.6 or later.See Also
http://support.apple.com/kb/HT5191
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
Plugin Details
Severity: High
ID: 6345
Family: Web Clients
Published: 3/13/2012
Updated: 3/6/2019
Nessus ID: 58320
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.5
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:apple:itunes
Patch Publication Date: 3/7/2012
Vulnerability Publication Date: 3/7/2012
Reference Information
CVE: CVE-2012-0593, CVE-2012-0594, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615, CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, CVE-2012-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, CVE-2012-0634, CVE-2012-0635, CVE-2012-0636, CVE-2012-0637, CVE-2012-0638, CVE-2012-0639, CVE-2012-0648