CVE-2007-1008

Name of the Vulnerable Software and Affected Versions: Apple iTunes version 7.0.2

Description: The issue allows user-assisted remote attackers to cause a denial of service, resulting in an application crash, via a crafted XML list of radio stations. This leads to memory corruption. To exploit this, an attacker would need to perform DNS spoofing or man-in-the-middle attacks, as the XML document is retrieved from a static URL.

Recommendations: For Apple iTunes version 7.0.2, consider avoiding the use of crafted XML lists of radio stations until a fix is available. As a temporary workaround, restrict access to untrusted networks to minimize the risk of DNS spoofing or man-in-the-middle attacks.