Vulnerabilities > CVE-2007-1008 - Remote Denial of Service vulnerability in Apple Itunes 7.0.2

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

high complexity

apple

exploit available

NVD

Published: 2007-02-20

Updated: 2018-10-16

Summary

Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. Successful exploitation requires that an attacker perform some type of DNS spoofing or man-in-the-middle attack prior to launching this attack.

Vulnerable Configurations

Part	Description	Count
Application	Apple Apple Itunes 7.0.2	1

Exploit-Db

description	Apple iTunes 7.0.2 XML Parsing Remote Denial of Service Vulnerability. CVE-2007-1008. Dos exploit for osx platform
id	EDB-ID:29616
last seen	2016-02-03
modified	2007-02-19
published	2007-02-19
reporter	poplix
source	https://www.exploit-db.com/download/29616/
title	Apple iTunes 7.0.2 XML Parsing Remote Denial of Service Vulnerability

Oval

accepted

2015-06-22T04:00:14.724-04:00

class

vulnerability

contributors

name Shane Shaffer
organization G2, Inc.
name Shane Shaffer
organization G2, Inc.
name Bernd Eggenmueller
organization baramundi software

definition_extensions

comment	Apple iTunes is installed
oval	oval:org.mitre.oval:def:12353

description

family

windows

oval:org.mitre.oval:def:16978

status

accepted

submitted

2013-07-30T11:32:03.685-04:00

title

version

Summary

Vulnerable Configurations

Exploit-Db

Oval

References