iTunes < 10.6.3 Multiple Vulnerabilities (uncredentialed check)

NASLDB: iTunes < 10.6.3 Multiple Vulnerabilities (uncredentialed check)

General

ID: 59498
Name: iTunes < 10.6.3 Multiple Vulnerabilities (uncredentialed check)

Summary: Checks version of iTunes

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 3689
Family: Peer-To-Peer File Sharing
Type: Remote

Description

According to its self-reported version number, the instance of iTunes
installed on the remote Windows host is older than 10.6.3 and is,
therefore, affected by the following issues :

– A memory corruption issue exists in WebKit that can
allow malicious websites to crash the application and
possibly to execute arbitrary code. Note that this
issue was addressed on Mac OS X systems by an update
for Safari and, therefore, may not necessarily affect
the remote host. (CVE-2012-0672)

– Stack and heap based buffer overflow errors exist in
the handling of ‘m3u’ playlist files. These errors can
cause the application to crash or possibly allow
arbitrary code execution. (CVE-2012-0677)