Vulnerabilities > CVE-2010-1768 - Local Privilege Escalation vulnerability in Apple iTunes Log File Insecure File Operation

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
apple
nessus

Summary

Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_ITUNES_9_1.NASL
    descriptionThe remote version of iTunes is older than 9.1. Such versions are potentially affected by multiple vulnerabilities : - An infinite loop in the application
    last seen2020-06-01
    modified2020-06-02
    plugin id45389
    published2010-03-31
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45389
    titleiTunes < 9.1 Multiple Vulnerabilities (Mac OS X)
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_9_1_BANNER.NASL
    descriptionThe version of Apple iTunes on the remote host is prior to version 9.1. It is, therefore, affected by multiple vulnerabilities : - A buffer underflow in ImageIO
    last seen2020-06-01
    modified2020-06-02
    plugin id45391
    published2010-03-31
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45391
    titleApple iTunes < 9.1 Multiple Vulnerabilities (uncredentialed check)

Oval

accepted2015-06-22T04:00:50.025-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameScott Quint
    organizationQuintechssential
  • namePooja Shetty
    organizationSecPod Technologies
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameBernd Eggenmueller
    organizationbaramundi software
definition_extensions
commentApple iTunes is installed
ovaloval:org.mitre.oval:def:12353
descriptionUnspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
familywindows
idoval:org.mitre.oval:def:7604
statusaccepted
submitted2010-09-23T02:48:16
titleApple iTunes Log File Insecure File Operation Local Privilege Escalation Vulnerability
version14