CVE-2008-3636: Cross-site Scripting in Apple iTunes

Severity
7.2 HIGH (NVD)
OSV: 6.8
EPSS
0.1% (top 68.56%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 11
Latest update: May 2

Description

Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in th

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages (2 packages)

NVD: apple/itunes 7.6.1 (+42)
Debian: gnu/mailman < 1:2.1.10~b3-1

Patches

Vulnerability Details (2)

GHSA
GHSA-4q27-w7jf-v3mh: Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers (2022-05-02)
OSV
CVE-2008-0564: Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2 (2008-02-05)

Vendor Advisories (1)

Red Hat
mailman: XSS triggerable by list administrator (2008-01-03)