PT-2005-3786 · Apple · Itunes

Published

2005-11-18

Updated

2011-03-10

CVE-2005-2938

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions iTunes versions 4.7.1.30 through 5

Description The issue is related to an unquoted Windows search path vulnerability in the iTunesHelper.exe component. This could potentially allow local users to gain privileges by creating a malicious file, such as C:program.exe, which could be executed with elevated privileges.

Recommendations For versions 4.7.1.30 through 5, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict access to the iTunesHelper.exe component to minimize the risk of exploitation. Avoid using potentially vulnerable execution paths until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2005-2938

Affected Products

Itunes

PT-2005-3786 · Apple · Itunes

CVE-2005-2938

Weakness Enumeration

Related Identifiers

Affected Products

References · 4