- CVEs with nessus.description==The version of Apple iTunes on the remote host is prior to version 9.1. It is, therefore, affected by multiple vulnerabilities :
- A buffer underflow in ImageIO's handling of TIFF images can lead to a denial of service or arbitrary code execution. (CVE-2009-2285)
- An integer overflow in the application's handling of images with an embedded color profile can lead to a denial of service or arbitrary code execution. (CVE-2010-0040)
- An uninitialized memory access vulnerability in ImageIO's handling of BMP images can result in the sending of sensitive data from Safari's memory to a website under an attacker's control. (CVE-2010-0041)
- An uninitialized memory access vulnerability in ImageIO's handling of TIFF images can result in the sending of sensitive data from Safari's memory to a website under an attacker's control. (CVE-2010-0042)
- A memory corruption vulnerability in the ImageIO's handling of TIFF images can lead to a denial of service or arbitrary code execution. (CVE-2010-0043)
- An infinite loop vulnerability in the application's handling of imported MP4 podcast files can lead to a denial of service or arbitrary code execution. (CVE-2010-0531)
- A race condition during the installation process allows a local attacker to modify an unspecified file which can then be executed with SYSTEM privileges. (CVE-2010-0532)
- A path searching vulnerability exists that allows code execution if an attacker places a specially crafted DLL in a directory and has a user open another file using iTunes in that directory. (CVE-2010-1795)
- Syncing a mobile device can allow a local attacker to gain the privileges of the console user due to an insecure file operation in the handling of log files. (CVE-2010-1768)
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |