ID CVE-2007-1008
Summary Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. Successful exploitation requires that an attacker perform some type of DNS spoofing or man-in-the-middle attack prior to launching this attack.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 16-10-2018 - 16:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:N/A:P
oval via4
accepted 2015-06-22T04:00:14.724-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Bernd Eggenmueller
    organization baramundi software
definition_extensions
comment Apple iTunes is installed
oval oval:org.mitre.oval:def:12353
description Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
family windows
id oval:org.mitre.oval:def:16978
status accepted
submitted 2013-07-30T11:32:03.685-04:00
title Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation
version 7
refmap via4
bid 22615
bugtraq 20070219 iTunes remote memory corruption vulnerability
osvdb 33742
sreason 2278
Last major update 16-10-2018 - 16:36
Published 20-02-2007 - 01:28