CVE-2018-4444: Apple iTunes for Windows vulnerability

13 documents, 6 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.5% (top 36.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 27
Latest update: May 24

Description

A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (8 packages)

CVEListV5  apple/itunes_for_windows  unspecified  12.9
CVEListV5  apple/tvos  unspecified  12.1
NVD  apple/tvos  < 12.1.1
CVEListV5  apple/safari  unspecified  12.0
NVD  apple/itunes  < 12.9.2

🔴 Vulnerability Details (2)

GHSA
GHSA-46h6-5944-7cqw: A logic issue was addressed with improved state management (2022-05-24)
CVEList
CVE-2018-4444: A logic issue was addressed with improved state management (2020-10-27)

💥 Exploits & PoCs (3)

Exploit-DB
DVD X Player 5.5.3 - '.plf' Buffer Overflow (2019-03-21)
Exploit-DB
Ayukov NFTP FTP Client 2.0 - Buffer Overflow (2019-01-02)
Exploit-DB
Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH) (2018-07-09)

📋 Vendor Advisories (4)

Apple
CVE-2018-4444: Safari 12.0.2 (2018-12-05)
Apple
CVE-2018-4444: tvOS 12.1.1 (2018-12-05)
Apple
CVE-2018-4444: iTunes 12.9.2 for Windows (2018-12-05)
Apple
CVE-2018-4444: iOS 12.1.1 (2018-12-05)

💬 Community (1)

Bugzilla
CVE-2018-5704 openocd: Cross-protocol scripting attacks due to not blocking HTTP POST attempts on port 4444 (2018-01-16)