CVE-2007-1008 - Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application c

CVE-2007-1008

Summary

Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. Successful exploitation requires that an attacker perform some type of DNS spoofing or man-in-the-middle attack prior to launching this attack.

References

Vulnerable Configurations

cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 16-10-2018 - 16:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:N/A:P

oval via4

accepted

2015-06-22T04:00:14.724-04:00

class

vulnerability

contributors

name Shane Shaffer
organization G2, Inc.
name Shane Shaffer
organization G2, Inc.
name Bernd Eggenmueller
organization baramundi software

definition_extensions

comment	Apple iTunes is installed
oval	oval:org.mitre.oval:def:12353

description

family

windows

oval:org.mitre.oval:def:16978

status

accepted

submitted

2013-07-30T11:32:03.685-04:00

title

version

refmap via4

bid	22615
bugtraq	20070219 iTunes remote memory corruption vulnerability
osvdb	33742
sreason	2278

Last major update

16-10-2018 - 16:36

Published

20-02-2007 - 01:28

Last modified

16-10-2018 - 16:36