Vulnerabilities > CVE-2010-0531 - Resource Management Errors vulnerability in Apple Itunes

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
apple
microsoft
CWE-399
nessus
NVD
Published: 2010-03-31
Updated: 2017-09-19

Summary

Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.

Vulnerable Configurations

Part Description Count
Application
Apple
84
OS
Apple
30
OS
Microsoft
3

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_ITUNES_9_1.NASL
    descriptionThe remote version of iTunes is older than 9.1. Such versions are potentially affected by multiple vulnerabilities : - An infinite loop in the application
    last seen2020-06-01
    modified2020-06-02
    plugin id45389
    published2010-03-31
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45389
    titleiTunes < 9.1 Multiple Vulnerabilities (Mac OS X)
  • NASL familyWindows
    NASL idITUNES_9_1.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is older than 9.1. Such versions may be affected by multiple vulnerabilities : - A buffer underflow in ImageIO
    last seen2020-06-01
    modified2020-06-02
    plugin id45390
    published2010-03-31
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45390
    titleApple iTunes < 9.1 Multiple Vulnerabilities (credentialed check)
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_9_1_BANNER.NASL
    descriptionThe version of Apple iTunes on the remote host is prior to version 9.1. It is, therefore, affected by multiple vulnerabilities : - A buffer underflow in ImageIO
    last seen2020-06-01
    modified2020-06-02
    plugin id45391
    published2010-03-31
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45391
    titleApple iTunes < 9.1 Multiple Vulnerabilities (uncredentialed check)

Oval

accepted2015-06-22T04:00:49.475-04:00
classvulnerability
contributors
  • nameJ. Daniel Brown
    organizationDTCC
  • nameScott Quint
    organizationQuintechssential
  • namePooja Shetty
    organizationSecPod Technologies
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameBernd Eggenmueller
    organizationbaramundi software
definition_extensions
commentApple iTunes is installed
ovaloval:org.mitre.oval:def:12353
descriptionApple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.
familywindows
idoval:org.mitre.oval:def:7427
statusaccepted
submitted2010-04-09T10:30:00.000-05:00
titleApple iTunes MP4 File Processing Denial of Service Vulnerability
version14

References