Apple iTunes vulnerabilities

953 known vulnerabilities affecting apple/itunes.

Total CVEs: 953
CISA KEV: 2 (actively exploited)
Public exploits: 77
Exploited in wild: 3
Severity breakdown: CRITICAL 114, HIGH 486, MEDIUM 348, LOW 5

Vulnerabilities

Page 47 of 48
CVE-2010-0531 | MEDIUM | CVSS 4.3 | ≤ 9.0.3, v9.0, +3 more | 2010-03-31
CVE-2010-0531 [MEDIUM] CWE-399: Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.
nvd
CVE-2010-0532 | MEDIUM | CVSS 6.9 | ≤ 9.0.3, v9.0, +3 more | 2010-03-31
CVE-2010-0532 [MEDIUM] CWE-362: Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
nvd
CVE-2009-2817 | CRITICAL | CVSS 9.3 | PoC | ≤ 9.0, v1.0, +71 more | 2009-09-24
CVE-2009-2817 [CRITICAL] CWE-119: Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
nvd
CVE-2009-0950 | CRITICAL | CVSS 9.3 | PoC | ≤ 8.1.1, v1.0, +70 more | 2009-06-02
CVE-2009-0950 [CRITICAL] CWE-119: Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
nvd
CVE-2009-0016 | MEDIUM | CVSS 5.0 | ≤ 8.0, v1.0, +63 more | 2009-03-14
CVE-2009-0016 [MEDIUM] CWE-20: Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
nvd
CVE-2009-0143 | MEDIUM | CVSS 4.3 | fixed in 8.1 | 2009-03-14
CVE-2009-0143 [MEDIUM] CWE-200: Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
nvd
CVE-2008-5406 | CRITICAL | CVSS 9.3 | PoC | v8.0.2.20 | 2008-12-10
CVE-2008-5406 [CRITICAL] CWE-119: Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
nvd
CVE-2008-4116 | CRITICAL | CVSS 9.3 | PoC | v8.0 | 2008-09-18
CVE-2008-4116 [CRITICAL] CWE-119: Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that lea
nvd
CVE-2008-3636 | HIGH | CVSS 7.2 | ≤ 7.6.1, v1.0, +41 more | 2008-09-11
CVE-2008-3636 [HIGH] CWE-189: Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple
nvd
CVE-2008-3634 | LOW | CVSS 2.6 | ≤ 7.7.1, v1.0, +42 more | 2008-09-11
CVE-2008-3634 [LOW] CWE-200: Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.
nvd
CVE-2008-3434 | HIGH | CVSS 7.5 | ≤ 6.0.5, v1.0, +28 more | 2008-08-01
CVE-2008-3434 [HIGH] CWE-94: Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
nvd
CVE-2007-3752 | CRITICAL | CVSS 9.3 | ≤ 7.3.2 | 2007-09-06
CVE-2007-3752 [CRITICAL] CWE-119: Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
nvd
CVE-2007-1008 | LOW | CVSS 2.6 | PoC | v7.0.2 | 2007-02-20
CVE-2007-1008 [LOW]: Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
nvd
CVE-2006-1467 | MEDIUM | CVSS 5.1 | ≤ 6.0.4 | 2006-06-29
CVE-2006-1467 [MEDIUM] CWE-189: Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value.
nvd
CVE-2006-1249 | MEDIUM | CVSS 6.8 | v6.0.1, v6.0.2 | 2006-03-19
CVE-2006-1249 [MEDIUM] CWE-189: Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.
nvd
CVE-2005-4092 | HIGH | CVSS 7.5 | v6.0.1 | 2005-12-08
CVE-2005-4092 [HIGH] CWE-119: Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and
nvd
CVE-2005-2938 | HIGH | CVSS 7.2 | v4.7.1.30, v5.0 | 2005-11-18
CVE-2005-2938 [HIGH] CWE-264: Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.
nvd
CVE-2005-1248 | HIGH | CVSS 7.5 | v4.2.72, v4.5, +3 more | 2005-05-16
CVE-2005-1248 [HIGH]: Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.
nvd
CVE-2005-0043 | HIGH | CVSS 7.5 | PoC | v4.7 | 2005-05-02
CVE-2005-0043 [HIGH]: Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.
nvd
CVE-2015-5922 | CRITICAL | CVSS 10.0 | v12.3
CVE-2015-5922 [CRITICAL]: iTunes 12.3
Apple Security Update: About the security content of iTunes 12.3
Product: iTunes
Version: 12.3
CVE: CVE-2015-5922
Component: CVE-ID
Impact: Opening a media file may lead to arbitrary code execution
Description: A security issue existed in Microsoft Foundation Class's handling of library loading. This issue was addressed by updating to the latest version of the Microsoft Visual C++ Redistributable Package.
apple