Podatność CVE-2010-1795


Publikacja: 2010-08-20   Modyfikacja: 2012-02-13

Opis:
Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
Remote Binary Planting in Apple iTunes for Windows
Mitja Kolsek
24.08.2010

Typ:

CWE-Other

Producent: Apple
Produkt: Itunes 
Wersje:
9.0.3
9.0.2
9.0.1
9.0.0
8.2.1
8.2
8.1.1
8.1
8.0.2
8.0.1
8.0
7.7.1
7.7.0
7.6.2
7.6.1
7.6.0
7.5.0
7.4.3
7.4.2
7.4.1
7.4.0
7.3.2
7.3.1
7.3.0
7.2.0
7.1.1
7.1.0
7.0.2
7.0.1
7.0.0
6.0.5
6.0.4.2
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.0.1
5.0.0
4.9.0
4.8.0
4.7.1
4.7.0
4.6.0
4.5.0
4.2.0
4.1.0
4.0.1
4.0.0
3.0.1
3.0.0
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
1.1.2
1.1.1
1.0

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
9.3/10
10/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny

 Referencje:
http://support.apple.com/kb/HT4105
http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt
http://www.securityfocus.com/archive/1/513190/100/0/threaded
http://www.securityfocus.com/bid/42541
https://exchange.xforce.ibmcloud.com/vulnerabilities/61223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7217

Podobne CVE
CVE-2018-4470
A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.
CVE-2018-4465
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4464
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
CVE-2018-4463
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
CVE-2018-4462
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.
CVE-2018-4461
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4460
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4456
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.

Copyright 2019, cxsecurity.com

 

Back to Top