CVE-2005-2938

Name of the Vulnerable Software and Affected Versions iTunes versions 4.7.1.30 through 5

Description The issue is related to an unquoted Windows search path vulnerability in the iTunesHelper.exe component. This could potentially allow local users to gain privileges by creating a malicious file, such as C:program.exe, which could be executed with elevated privileges.

Recommendations For versions 4.7.1.30 through 5, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict access to the iTunesHelper.exe component to minimize the risk of exploitation. Avoid using potentially vulnerable execution paths until the issue is resolved.