Apple iTunes Install or Update Local Privilege Escalation Vulnerability
BID:39092
Info
| Bugtraq ID: | 39092 |
| Class: | Design Error |
| CVE: | CVE-2010-0532 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 30 2010 12:00AM |
| Updated: | Mar 30 2010 12:00AM |
| Credit: | Jason Geffner of NGSSoftware |
| Vulnerable: | Apple iTunes 9.0.2; Apple iTunes 9.0.1 .8; Apple iTunes 9.0.1; Apple iTunes 9.0; Apple iTunes 7.3.2; Apple iTunes 7.3.1; Apple iTunes 7.3; Apple iTunes 7.0.2; Apple iTunes 8.2; Apple iTunes 8.1; Apple iTunes 8.0.2.20; Apple iTunes 8.0; Apple iTunes 7.4 |
| Not Vulnerable: | Apple iTunes 9.1 |
Discussion
Apple iTunes is prone to a local privilege-escalation vulnerability.
Successfully exploiting this issue may allow an attacker to execute arbitrary code with SYSTEM-level privileges.
Versions prior to Apple iTunes 9.1 on Microsoft Windows platforms are vulnerable.
Note: This BID was originally titled 'Apple iTunes Privilege Escalation and Denial of Service Vulnerabilities'; the denial-of-service issue has been given its own record (BID 39113) to better document it.
Exploit / POC
Attackers can exploit this issue with readily available tools.
Solution / Fix
Solution:
The vendor has released an update. Please see the references for more information.
Apple iTunes 9.0.2
- Apple APPLE-SA-2010-03-30-2 iTunes64Setup.exe
  For 64-bit Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/
- Apple APPLE-SA-2010-03-30-2 iTunesSetup.exe
  For Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/
References
References: