CVE-2010-1795 — Uncontrolled Search Path Element in Apple Itunes

CWE-427 — Uncontrolled Search Path Element3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

2.0%

top 16.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes

Timeline

PublishedAug 20

Latest updateMay 14

Description

Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/itunes59 versions+58

🔴Vulnerability Details

GHSA

GHSA-v7v8-f46h-v388: Untrusted search path vulnerability in Apple iTunes before 9↗2022-05-14

▶

📐Framework References

CWE

Uncontrolled Search Path Element↗

▶