
Test ID: 1.3.6.1.4.1.25623.1.0.804232
Category: General
Title: Apple iTunes Multiple Vulnerabilities (HT6001) - Windows
Summary: Apple iTunes is prone to a security bypass vulnerability.
Description:
Summary:
Apple iTunes is prone to a security bypass vulnerability.

Vulnerability Insight:
The following flaws exist:

- CVE-2013-1024: Uninitialized memory access issue in the handling of text tracks.

- CVE-2014-1242: iTunes Tutorials window uses a non-secure HTTP connection to retrieve content.

- Multiple memory corruption issues in WebKit, libxml and libxslt.

Vulnerability Impact:
Successful exploitation may allow an attacker to perform man-in-the-middle attacks and obtain sensitive information, cause unexpected application termination or arbitrary code execution.

Affected Software/OS:
Apple iTunes before 11.1.4 on Windows.

Solution:
Update to version 11.1.4 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-3102
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
BugTraq ID: 53540
http://www.securityfocus.com/bid/53540
Debian Security Information: DSA-2479
http://www.debian.org/security/2012/dsa-2479
http://www.mandriva.com/security/advisories?name=MDVSA-2012:098
http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
RedHat Security Advisories: RHSA-2013:0217
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://www.securitytracker.com/id?1027067
http://secunia.com/advisories/49243
http://secunia.com/advisories/50658
http://secunia.com/advisories/54886
http://secunia.com/advisories/55568
SuSE Security Announcement: SUSE-SU-2013:1627
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
SuSE Security Announcement: openSUSE-SU-2012:0656
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html
SuSE Security Announcement: openSUSE-SU-2012:0731
https://lists.opensuse.org/opensuse-updates/2012-06/msg00011.html
XForce ISS Database: google-chrome-libxml-code-exec(75607)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75607
Common Vulnerability Exposure (CVE) ID: CVE-2012-0841
1026723
http://securitytracker.com/id?1026723
52107
http://www.securityfocus.com/bid/52107
54886
55568
APPLE-SA-2013-09-18-2
APPLE-SA-2013-10-22-8
DSA-2417
http://www.debian.org/security/2012/dsa-2417
MDVSA-2013:150
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
RHSA-2012:0324
http://rhn.redhat.com/errata/RHSA-2012-0324.html
RHSA-2013:0217
SUSE-SU-2013:1627
[oss-security] 20120222 libxml2: hash table collisions CPU usage DoS
http://www.openwall.com/lists/oss-security/2012/02/22/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846
http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
http://support.apple.com/kb/HT5934
http://support.apple.com/kb/HT6001
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
http://xmlsoft.org/news.html
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of
Common Vulnerability Exposure (CVE) ID: CVE-2012-2807
BugTraq ID: 54718
http://www.securityfocus.com/bid/54718
Debian Security Information: DSA-2521
http://www.debian.org/security/2012/dsa-2521
http://www.mandriva.com/security/advisories?name=MDVSA-2012:126
http://secunia.com/advisories/50800
SuSE Security Announcement: openSUSE-SU-2012:0813
https://hermes.opensuse.org/messages/15075728
SuSE Security Announcement: openSUSE-SU-2012:0975
https://hermes.opensuse.org/messages/15375990
http://www.ubuntu.com/usn/USN-1587-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-2825
SuSE Security Announcement: SUSE-SU-2013:1654
https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
SuSE Security Announcement: SUSE-SU-2013:1656
https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-2870
Debian Security Information: DSA-2555
http://www.debian.org/security/2012/dsa-2555
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
http://secunia.com/advisories/50838
SuSE Security Announcement: openSUSE-SU-2012:1215
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-2871
XForce ISS Database: chrome-xsl-transforms-code-exec(78179)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78179
Common Vulnerability Exposure (CVE) ID: CVE-2012-5134
BugTraq ID: 56684
http://www.securityfocus.com/bid/56684
Debian Security Information: DSA-2580
http://www.debian.org/security/2012/dsa-2580
RedHat Security Advisories: RHSA-2012:1512
http://rhn.redhat.com/errata/RHSA-2012-1512.html
http://www.securitytracker.com/id?1027815
http://secunia.com/advisories/51448
SuSE Security Announcement: openSUSE-SU-2012:1637
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html
SuSE Security Announcement: openSUSE-SU-2013:0178
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html
http://www.ubuntu.com/usn/USN-1656-1
XForce ISS Database: google-libxml-buffer-underflow(80294)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80294
Common Vulnerability Exposure (CVE) ID: CVE-2013-1024
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1037
http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html
http://www.securitytracker.com/id/1029054
Common Vulnerability Exposure (CVE) ID: CVE-2013-1038
Common Vulnerability Exposure (CVE) ID: CVE-2013-1039
Common Vulnerability Exposure (CVE) ID: CVE-2013-1040
Common Vulnerability Exposure (CVE) ID: CVE-2013-1041
Common Vulnerability Exposure (CVE) ID: CVE-2013-1042
Common Vulnerability Exposure (CVE) ID: CVE-2013-1043
Common Vulnerability Exposure (CVE) ID: CVE-2013-1044
Common Vulnerability Exposure (CVE) ID: CVE-2013-1045
Common Vulnerability Exposure (CVE) ID: CVE-2013-1046
Common Vulnerability Exposure (CVE) ID: CVE-2013-1047
Common Vulnerability Exposure (CVE) ID: CVE-2013-2842
Debian Security Information: DSA-2695
http://www.debian.org/security/2013/dsa-2695
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15914
Common Vulnerability Exposure (CVE) ID: CVE-2013-5125
Common Vulnerability Exposure (CVE) ID: CVE-2013-5126
Common Vulnerability Exposure (CVE) ID: CVE-2013-5127
Common Vulnerability Exposure (CVE) ID: CVE-2013-5128
Common Vulnerability Exposure (CVE) ID: CVE-2014-1242
BugTraq ID: 65088
http://www.securityfocus.com/bid/65088
http://osvdb.org/102410
http://www.securitytracker.com/id/1029671
XForce ISS Database: apple-itunes-cve20141242-mitm(90653)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90653
Copyright: Copyright (C) 2014 Greenbone AG
