CVE-2007-1008
Apple iTunes 7.0.2 - XML Parsing Remote Denial of Service
Public Exploits: 2
Exploited in Wild: -
Descriptions
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
Timeline
- 2007-02-19 CVE Reserved
- 2007-02-19 First Exploit
- 2007-02-20 CVE Published
- 2023-12-24 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (6)
URL | Tag | Source |
---|---|---|
http://osvdb.org/33742 | Vdb Entry | |
http://securityreason.com/securityalert/2278 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/460544/100/0/threaded | Mailing List | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16978 | Signature | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/29616 | 2007-02-19 | |
http://www.securityfocus.com/bid/22615 | 2024-08-07 | |