Vulnerabilities > CVE-2007-1008 - Remote Denial of Service vulnerability in Apple Itunes 7.0.2
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. Successful exploitation requires that an attacker perform some type of DNS spoofing or man-in-the-middle attack prior to launching this attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Apple iTunes 7.0.2 XML Parsing Remote Denial of Service Vulnerability. CVE-2007-1008. Dos exploit for osx platform |
id | EDB-ID:29616 |
last seen | 2016-02-03 |
modified | 2007-02-19 |
published | 2007-02-19 |
reporter | poplix |
source | https://www.exploit-db.com/download/29616/ |
title | Apple iTunes 7.0.2 XML Parsing Remote Denial of Service Vulnerability |
Oval
accepted | 2015-06-22T04:00:14.724-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:16978 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2013-07-30T11:32:03.685-04:00 | ||||||||||||
title | Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation | ||||||||||||
version | 7 |