ID CVE-2010-1795
Summary Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:itunes:1.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:1.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:1.1.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:1.1.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:1.1.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:1.1.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:2.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:2.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:2.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:2.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:2.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:2.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:2.0.3:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:2.0.3:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:2.0.4:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:2.0.4:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:3.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:3.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:3.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:3.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.1.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.1.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.2.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.2.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.5.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.5.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.6.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.6.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.7.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.7.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.7.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.7.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.8.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.8.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:4.9.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:4.9.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:5.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:5.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:5.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:5.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.3:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.3:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.4:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.4:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.4.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.4.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:6.0.5:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:6.0.5:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.1.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.1.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.1.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.1.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.2.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.2.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.3.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.3.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.3.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.3.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.3.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.3.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.4.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.4.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.4.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.4.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.4.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.4.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.4.3:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.4.3:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.5.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.5.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.6.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.6.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.6.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.6.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.6.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.6.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.7.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.7.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:7.7.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:7.7.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.1.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.1.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:8.2.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:8.2.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:9.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:9.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:9.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:9.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:9.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:9.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:9.0.3:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:itunes:9.0.3:-:windows:*:*:*:*:*
CVSS
Base: 9.3 (as of 10-10-2018 - 19:57)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2015-06-22T04:00:48.975-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Scott Quint
    organization Quintechssential
  • name Pooja Shetty
    organization SecPod Technologies
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Bernd Eggenmueller
    organization baramundi software
definition_extensions
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:4873
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Apple iTunes is installed
    oval oval:org.mitre.oval:def:12353
description Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
family windows
id oval:org.mitre.oval:def:7217
status accepted
submitted 2010-09-23T02:48:16
title Apple iTunes DLL Loading Arbitrary Code Execution Vulnerability
version 36
refmap via4
bid 42541
bugtraq 20100818 ACROS Security: Remote Binary Planting in Apple iTunes for Windows (ASPR #2010-08-18-1)
confirm http://support.apple.com/kb/HT4105
misc http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt
xf itunes-dll-code-execution(61223)
Last major update 10-10-2018 - 19:57
Published 20-08-2010 - 20:00
Last modified 10-10-2018 - 19:57
Back to Top