Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.902720
Kategorie:Mac OS X Local Security Checks
Titel:Apple iTunes Arbitrary Code Execution Vulnerability (Mac OS X)
Zusammenfassung:This host has installed apple iTunes and is prone to arbitrary code; execution vulnerability.
Beschreibung:Summary:
This host has installed apple iTunes and is prone to arbitrary code
execution vulnerability.

Vulnerability Insight:
The flaw is due to memory corruption issue exist in WebKit. A
man-in-the-middle attack while browsing the iTunes Store via iTunes may lead
to an unexpected application termination or arbitrary code execution.

Vulnerability Impact:
Successful exploitation could allow attackers to lead to an unexpected
application termination or arbitrary code execution.

Affected Software/OS:
Apple iTunes version prior to 10.2.2.

Solution:
Upgrade to Apple iTunes version 10.2.2 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 46849
BugTraq ID: 46822
Common Vulnerability Exposure (CVE) ID: CVE-2011-1290
http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html
http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html
http://www.securityfocus.com/bid/46849
Bugtraq: 20110414 ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/517513/100/0/threaded
Debian Security Information: DSA-2192 (Google Search)
http://www.debian.org/security/2011/dsa-2192
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401
http://www.zerodayinitiative.com/advisories/ZDI-11-104
http://osvdb.org/71182
http://www.securitytracker.com/id?1025212
http://secunia.com/advisories/43735
http://secunia.com/advisories/43748
http://secunia.com/advisories/43782
http://secunia.com/advisories/44151
http://secunia.com/advisories/44154
http://www.vupen.com/english/advisories/2011/0645
http://www.vupen.com/english/advisories/2011/0654
http://www.vupen.com/english/advisories/2011/0671
http://www.vupen.com/english/advisories/2011/0984
XForce ISS Database: google-webkit-style-code-execution(66052)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66052
Common Vulnerability Exposure (CVE) ID: CVE-2011-1344
http://www.securityfocus.com/bid/46822
Bugtraq: 20110414 ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/517505/100/0/threaded
Bugtraq: 20110415 VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344) (Google Search)
http://www.securityfocus.com/archive/1/517517/100/0/threaded
http://twitter.com/aaronportnoy/statuses/45632544967901187
http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358
http://www.zerodayinitiative.com/advisories/ZDI-11-135
http://www.securitytracker.com/id?1025363
XForce ISS Database: safari-webkit-unspec-code-exec(66061)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66061
CopyrightCopyright (C) 2011 SecPod

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.