ID CVE-2010-1769
Summary WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:itunes:7.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.0.2:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.0.2:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.1.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.1.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.1.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.1.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.2.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.2.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.3.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.3.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.3.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.3.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.3.2:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.3.2:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.3.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.3.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.4:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.4:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.4.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.4.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.4.1:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.4.1:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.4.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.4.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.4.2:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.4.2:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.4.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.4.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.4.3:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.4.3:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.5:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.5:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.5.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.5.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.6:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.6:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.6.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.6.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.6.1:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.6.1:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.6.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.6.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.6.2:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.6.2:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.6.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.6.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.7:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.7:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.7.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.7.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.7.1:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.7.1:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.7.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.7.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.1.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.1.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.2.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.2.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:9.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:9.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:9.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:9.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:9.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:9.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:9.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:9.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:9.0.3:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:9.0.3:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:9.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:9.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.1.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.1.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.2.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.2.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.5.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.5.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.6.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.6.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.7.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.7.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.7.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.7.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.8.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.8.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.9.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.9.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:5.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:5.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:5.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:5.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.3:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.3:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.4:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.4:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.5:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.5:-:windows:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 19-09-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2015-06-22T04:00:48.725-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Scott Quint
    organization Quintechssential
  • name Pooja Shetty
    organization SecPod Technologies
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Bernd Eggenmueller
    organization baramundi software
definition_extensions
comment Apple iTunes is installed
oval oval:org.mitre.oval:def:12353
description WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.
family windows
id oval:org.mitre.oval:def:7178
status accepted
submitted 2010-09-23T02:48:16
title Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability
version 14
refmap via4
apple
  • APPLE-SA-2010-06-16-1
  • APPLE-SA-2010-06-21-1
bid 41016
confirm
sectrack 1024108
secunia
  • 40196
  • 43068
suse SUSE-SR:2011:002
vupen
  • ADV-2010-1512
  • ADV-2011-0212
xf itunes-webkit-unspecified-var3(59508)
Last major update 19-09-2017 - 01:30
Published 18-06-2010 - 16:30
Last modified 19-09-2017 - 01:30
Back to Top