Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Apple iTunes Remote Denial-of-Service Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
iTunes
by:
Not specified
4.3
CVSS
MEDIUM
Denial-of-Service
399
CWE
Product Name: iTunes
Affected Version From: 7.0.2
Affected Version To: 7.0.2
Patch Exists: YES
Related CWE: CVE-2006-0307
CPE: a:apple:itunes:7.0.2
Metasploit:
Other Scripts:
Platforms Tested:
2006

Apple iTunes Remote Denial-of-Service Vulnerability

The vulnerability exists because the application does not properly handle malformed XML playlist files. An attacker can exploit this issue by crafting a malicious playlist file and tricking the user into opening it, causing the application to crash and resulting in a denial-of-service condition.

Mitigation:

Update to a patched version of iTunes. As of this writing, the latest version is 7.0.3, which addresses this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22615/info

Apple iTunes is prone to a remote denial-of-service vulnerability because the application fails to handle malformed XML playlist files.

An attacker can exploit this issue to crash the application, triggering a denial-of-service condition.

Apple iTunes version 7.0.2 for Intel and PowerPC are vulnerable to this issue; other versions may also be affected. 

<?die with your boots on?>
<kb:station_record>
<kb:station_url_record>
</kb:station_url_record>

Navigation

Suggest Exploit

Services By CQR