CVE-2019-8801: Untrusted Search Path in Apple iTunes for Windows

Severity: 7.8 HIGH (NVD)
EPSS: 0.2% (top 63.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 18, latest update May 24

Description

A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | apple/itunes_for_windows | unspecified | iTunes for Windows 12.10.2
NVD | apple/itunes | < 12.10.2
CVEListV5 | apple/macos | unspecified | macOS Catalina 10.15.1
NVD | apple/mac_os_x | < 10.15.1

🔴 Vulnerability Details (2)

GHSA: GHSA-c9xp-93v6-v7gj: A dynamic library loading issue existed in iTunes setup (2022-05-24)
CVEList: CVE-2019-8801: A dynamic library loading issue existed in iTunes setup (2019-12-18)

📋 Vendor Advisories (2)

Apple: CVE-2019-8801: iTunes 12.10.2 for Windows (2019-10-30)
Apple: CVE-2019-8801: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006 (2019-10-29)