CVE-2010-1795 - DLL Loading Arbitrary Code Execution vulnerability in Apple iTunes

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.

Nessus

  • NASL family: Windows
    NASL id: ITUNES_9_1.NASL
    description: The version of Apple iTunes installed on the remote Windows host is older than 9.1. Such versions may be affected by multiple vulnerabilities: - A buffer underflow in ImageIO
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45390
    published: 2010-03-31
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/45390
    title: Apple iTunes < 9.1 Multiple Vulnerabilities (credentialed check)
  • NASL family: Peer-To-Peer File Sharing
    NASL id: ITUNES_9_1_BANNER.NASL
    description: The version of Apple iTunes on the remote host is prior to version 9.1. It is, therefore, affected by multiple vulnerabilities: - A buffer underflow in ImageIO
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45391
    published: 2010-03-31
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/45391
    title: Apple iTunes < 9.1 Multiple Vulnerabilities (uncredentialed check)

Oval

accepted: 2015-06-22T04:00:48.975-04:00
class: vulnerability
contributors:
  • name: SecPod Team
    organization: SecPod Technologies
  • name: Scott Quint
    organization: Quintechssential
  • name: Pooja Shetty
    organization: SecPod Technologies
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Bernd Eggenmueller
    organization: baramundi software
definition_extensions:
  • comment: Microsoft Windows 2000 is installed
    oval: oval:org.mitre.oval:def:85
  • comment: Microsoft Windows XP (x86) SP2 is installed
    oval: oval:org.mitre.oval:def:754
  • comment: Microsoft Windows XP (x86) SP3 is installed
    oval: oval:org.mitre.oval:def:5631
  • comment: Microsoft Windows Vista (32-bit) is installed
    oval: oval:org.mitre.oval:def:1282
  • comment: Microsoft Windows Vista (32-bit) Service Pack 1 is installed
    oval: oval:org.mitre.oval:def:4873
  • comment: Microsoft Windows 7 (32-bit) is installed
    oval: oval:org.mitre.oval:def:6165
  • comment: Apple iTunes is installed
    oval: oval:org.mitre.oval:def:12353
description: Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
family: windows
id: oval:org.mitre.oval:def:7217
status: accepted
submitted: 2010-09-23T02:48:16
title: Apple iTunes DLL Loading Arbitrary Code Execution Vulnerability
version: 33