Vulnerabilities > Apple > Itunes > 6.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-02 | CVE-2009-0950 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon. | 9.3 |
2009-03-14 | CVE-2009-0143 | Information Exposure vulnerability in Apple Itunes Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast. | 4.3 |
2009-03-14 | CVE-2009-0016 | Improper Input Validation vulnerability in Apple Itunes Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | 5.0 |
2008-09-11 | CVE-2008-3636 | Numeric Errors vulnerability in Apple Itunes Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. | 7.2 |
2008-09-11 | CVE-2008-3634 | Information Exposure vulnerability in Apple Itunes Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. | 2.6 |
2008-08-01 | CVE-2008-3434 | Code Injection vulnerability in Apple Itunes Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | 7.5 |
2007-09-06 | CVE-2007-3752 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file. | 9.3 |
2006-06-29 | CVE-2006-1467 | Numeric Errors vulnerability in Apple Itunes Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. | 5.1 |
2006-03-19 | CVE-2006-1249 | Numeric Errors vulnerability in Apple Itunes and Quicktime Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. | 6.8 |