Page 180 of 901 results (0.013 seconds)

CVSS: 7.2EPSS: 0%CPEs: 43EXPL: 0

Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself. Desbordamiento de entero en un driver de terceros no especificado incluido en Apple iTunes anterior a la 8.0 para Windows, permite a usuarios locales obtener privilegios a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html http://securitytracker.com/id?1020839 http://support.apple.com/kb/HT3025 http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf http://www.kb.cert.org/vuls/id/146896 http://www.securityfocus.com/archive/1/497131/100/0/threaded http://www.securityfocus.com/bid/31089 http://www.securitytracker.com/id?1020997 http:& • CWE-189: Numeric Errors •

CVSS: 2.6EPSS: 0%CPEs: 47EXPL: 0

Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. Aplicación Itunes anterior a la v8 sobre Mac OS X 10.4.11, cuando iTunes Sharing se encuentra habilitado pero bloqueado por el cortafuegos del sistema, muestra información falsa (engañosa) sobre la seguridad del cortafuegos. Esto podría ser aprovechado por atacantes remotos. El administrador no obviaría esta cuestión si se le diera mejor información al respecto. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html http://securitytracker.com/id?1020840 http://www.securityfocus.com/bid/31090 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0

Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Apple iTunes anterior a versión 10.5.1, no comprueba apropiadamente la autenticidad de las actualizaciones, lo que permite a los atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio de una actualización de tipo caballo de troya, como es demostrado por el evilgrade y el envenenamiento de la caché de DNS. • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html http://support.apple.com/kb/HT5030 http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 0

Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file. Un desbordamiento de búfer en la región heap de la memoria en iTunes de Apple versiones anteriores a 7.4, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) o ejecutar código arbitrario por medio de una carátula del álbum diseñada en el átomo covr de un archivo MP4/AAC. • http://docs.info.apple.com/article.html?artnum=306404 http://lists.apple.com/archives/security-announce/2007/Sep/msg00000.html http://osvdb.org/38528 http://secunia.com/advisories/26725 http://www.securityfocus.com/archive/1/478750/100/0/threaded http://www.securityfocus.com/bid/25567 http://www.securitytracker.com/id?1018658 http://www.vupen.com/english/advisories/2007/3073 https://exchange.xforce.ibmcloud.com/vulnerabilities/36485 https://oval.cisecurity.org/repository/search/de • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.1EPSS: 89%CPEs: 1EXPL: 0

Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple iTunes. Exploitation requires an attacker to convince a target user into opening a malicious play list file. The specific flaw exists during the processing of malicious AAC media files such as those with extensions .M4A and .M4P. During the parsing of the sample table size atom (STSZ), a malformed 'sample_size_table' value can trigger an integer overflow leading to an exploitable memory corruption. • http://docs.info.apple.com/article.html?artnum=303952 http://secunia.com/advisories/20891 http://securitytracker.com/id?1016413 http://www.kb.cert.org/vuls/id/907836 http://www.securityfocus.com/archive/1/438812/100/0/threaded http://www.securityfocus.com/bid/18730 http://www.vupen.com/english/advisories/2006/2601 http://www.zerodayinitiative.com/advisories/ZDI-06-020.html https://exchange.xforce.ibmcloud.com/vulnerabilities/27481 • CWE-189: Numeric Errors •