CVE-2005-2938 — Unquoted Search Path or Element in Apple Itunes

CWE-264 CWE-428 — Unquoted Search Path or Element3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 81.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes

Timeline

PublishedNov 18

Latest updateMay 1

Description

Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/itunes4.7.1.30, 5.0+1

🔴Vulnerability Details

GHSA

GHSA-36xg-989x-49mx: Unquoted Windows search path vulnerability in iTunesHelper↗2022-05-01

▶

📐Framework References

CWE

Unquoted Search Path or Element↗

▶