CVE-2010-1795 - DLL Loading Arbitrary Code Execution vulnerability in Apple iTunes
Attack vector | NETWORK
Attack complexity | MEDIUM
Privileges required | NONE
Confidentiality impact | COMPLETE
Integrity impact | COMPLETE
Availability impact | COMPLETE
Summary
Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
Nessus
NASL family | Windows
NASL id | ITUNES_9_1.NASL
description | The version of Apple iTunes installed on the remote Windows host is older than 9.1. Such versions may be affected by multiple vulnerabilities : - A buffer underflow in ImageIO
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 45390
published | 2010-03-31
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/45390
title | Apple iTunes < 9.1 Multiple Vulnerabilities (credentialed check)

NASL family | Peer-To-Peer File Sharing
NASL id | ITUNES_9_1_BANNER.NASL
description | The version of Apple iTunes on the remote host is prior to version 9.1. It is, therefore, affected by multiple vulnerabilities : - A buffer underflow in ImageIO
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 45391
published | 2010-03-31
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/45391
title | Apple iTunes < 9.1 Multiple Vulnerabilities (uncredentialed check)
Oval
accepted | 2015-06-22T04:00:48.975-04:00
class | vulnerability
contributors |
definition_extensions |
description | Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
family | windows
id | oval:org.mitre.oval:def:7217
status | accepted
submitted | 2010-09-23T02:48:16
title | Apple iTunes DLL Loading Arbitrary Code Execution Vulnerability
version | 33
References
- http://support.apple.com/kb/HT4105
- http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt
- http://www.securityfocus.com/archive/1/513190/100/0/threaded
- http://www.securityfocus.com/bid/42541
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61223
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7217