Page 183 of 917 results (0.040 seconds)

CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 2

Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. Apple iTunes 7.0.2 permite a atacantes remotos con la intervención el usuario provocar una denegación de servicio (cierre de aplicación) mediante una lista XML manipulada de estaciones de radio, lo cual provoca una corrupción de memoria. NOTA: iTunes obtiene el documento XML de una URL estática, lo cual requiere que un atacante realice una suplantación de DNS o un ataque de hombre-en-medio (man-in-the-middle) para la explotación. • https://www.exploit-db.com/exploits/29616 http://osvdb.org/33742 http://securityreason.com/securityalert/2278 http://www.securityfocus.com/archive/1/460544/100/0/threaded http://www.securityfocus.com/bid/22615 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16978 •

CVSS: 5.1EPSS: 89%CPEs: 1EXPL: 0

Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple iTunes. Exploitation requires an attacker to convince a target user into opening a malicious play list file. The specific flaw exists during the processing of malicious AAC media files such as those with extensions .M4A and .M4P. During the parsing of the sample table size atom (STSZ), a malformed 'sample_size_table' value can trigger an integer overflow leading to an exploitable memory corruption. • http://docs.info.apple.com/article.html?artnum=303952 http://secunia.com/advisories/20891 http://securitytracker.com/id?1016413 http://www.kb.cert.org/vuls/id/907836 http://www.securityfocus.com/archive/1/438812/100/0/threaded http://www.securityfocus.com/bid/18730 http://www.vupen.com/english/advisories/2006/2601 http://www.zerodayinitiative.com/advisories/ZDI-06-020.html https://exchange.xforce.ibmcloud.com/vulnerabilities/27481 • CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 56%CPEs: 4EXPL: 0

Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. • http://lists.apple.com/archives/security-announce/2006/May/msg00002.html http://secunia.com/advisories/20069 http://securitytracker.com/id?1016067 http://www.eeye.com/html/research/upcoming/20060307b.html http://www.kb.cert.org/vuls/id/570689 http://www.securityfocus.com/archive/1/433831/100/0/threaded http://www.securityfocus.com/archive/1/433850/100/0/threaded http://www.securityfocus.com/bid/17074 http://www.us-cert.gov/cas/techalerts/TA06-132B.html http://www& • CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 94%CPEs: 2EXPL: 0

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. • http://docs.info.apple.com/article.html?artnum=303101 http://secunia.com/advisories/18149 http://secunia.com/advisories/18370 http://security-protocols.com/advisory/sp-x21-advisory.txt http://securityreason.com/securityalert/334 http://securityreason.com/securityalert/336 http://securitytracker.com/id?1015356 http://securitytracker.com/id?1015396 http://securitytracker.com/id?1015397 http://www.eeye.com/html/research/upcoming/20051117a.html http://www.eeye.com/html/research/upcoming/2005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. • http://securitytracker.com/id?1015222 http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities http://www.vupen.com/english/advisories/2005/2443 • CWE-264: Permissions, Privileges, and Access Controls •