ID CVE-2010-0532
Summary Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:itunes:9.0:-:windows
  • cpe:2.3:a:apple:itunes:9.0.0:-:windows
  • cpe:2.3:a:apple:itunes:9.0.1:-:windows
  • cpe:2.3:a:apple:itunes:9.0.2:-:windows
  • cpe:2.3:a:apple:itunes:9.0.3:-:windows
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • Microsoft Windows XP
    cpe:2.3:o:microsoft:windows_xp
CVSS
Base: 6.9 (as of 01-04-2010 - 14:20)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
  • Vector: LOCAL
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family Windows
    NASL id ITUNES_9_1.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 9.1. Such versions may be affected by multiple vulnerabilities:
      - A buffer underflow in ImageIO's handling of TIFF images may lead to an application crash or arbitrary code execution. (CVE-2009-2285)
      - An integer overflow in the application's handling of images with an embedded color profile may lead to an application crash or arbitrary code execution. (CVE-2010-0040)
      - An uninitialized memory access issue in ImageIO's handling of BMP images may result in sending data from Safari's memory to a website under an attacker's control. (CVE-2010-0041)
      - An uninitialized memory access issue in ImageIO's handling of TIFF images may result in sending data from Safari's memory to a website under an attacker's control. (CVE-2010-0042)
      - A memory corruption issue in the application's handling of TIFF images may lead to an application crash or arbitrary code execution. (CVE-2010-0043)
      - A race condition during the installation process may allow a local user to modify a file that is then executed with SYSTEM privileges. (CVE-2010-0532)
      - A path searching issue may allow code execution if an attacker can place a specially crafted DLL in a directory and have a user open another file using iTunes in that directory. (CVE-2010-1795)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 45390
    published 2010-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45390
    title Apple iTunes < 9.1 Multiple Vulnerabilities (credentialed check)
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_9_1_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 9.1. It is, therefore, affected by multiple vulnerabilities:
      - A buffer underflow in ImageIO's handling of TIFF images can lead to a denial of service or arbitrary code execution. (CVE-2009-2285)
      - An integer overflow in the application's handling of images with an embedded color profile can lead to a denial of service or arbitrary code execution. (CVE-2010-0040)
      - An uninitialized memory access vulnerability in ImageIO's handling of BMP images can result in the sending of sensitive data from Safari's memory to a website under an attacker's control. (CVE-2010-0041)
      - An uninitialized memory access vulnerability in ImageIO's handling of TIFF images can result in the sending of sensitive data from Safari's memory to a website under an attacker's control. (CVE-2010-0042)
      - A memory corruption vulnerability in the ImageIO's handling of TIFF images can lead to a denial of service or arbitrary code execution. (CVE-2010-0043)
      - An infinite loop vulnerability in the application's handling of imported MP4 podcast files can lead to a denial of service or arbitrary code execution. (CVE-2010-0531)
      - A race condition during the installation process allows a local attacker to modify an unspecified file which can then be executed with SYSTEM privileges. (CVE-2010-0532)
      - A path searching vulnerability exists that allows code execution if an attacker places a specially crafted DLL in a directory and has a user open another file using iTunes in that directory. (CVE-2010-1795)
      - Syncing a mobile device can allow a local attacker to gain the privileges of the console user due to an insecure file operation in the handling of log files. (CVE-2010-1768)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 45391
    published 2010-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45391
    title Apple iTunes < 9.1 Multiple Vulnerabilities (uncredentialed check)
oval via4
accepted 2015-06-22T04:00:48.441-04:00
class vulnerability
contributors
  • name J. Daniel Brown
    organization DTCC
  • name Scott Quint
    organization Quintechssential
  • name Pooja Shetty
    organization SecPod Technologies
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Bernd Eggenmueller
    organization baramundi software
definition_extensions
comment Apple iTunes is installed
oval oval:org.mitre.oval:def:12353
description Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
family windows
id oval:org.mitre.oval:def:7110
status accepted
submitted 2010-04-09T10:30:00.000-05:00
title Apple iTunes Install or Update Privilege Escalation Vulnerability
version 14
refmap via4
apple APPLE-SA-2010-03-30-2
confirm http://support.apple.com/kb/HT4105
secunia 39135
Last major update 24-08-2010 - 01:43
Published 31-03-2010 - 14:30
Last modified 18-09-2017 - 21:30