VYPR

iTunes

by Apple Inc.

CVEs (625)

  • CVE-2008-3434Aug 1, 2008
    risk 0.00cvss epss 0.03

    Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

  • CVE-2007-3752Sep 6, 2007
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.

  • CVE-2006-1249Mar 19, 2006
    risk 0.00cvss epss 0.06

    Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.

  • CVE-2005-2938Nov 18, 2005
    risk 0.00cvss epss 0.00

    Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.

  • CVE-2005-1248May 16, 2005
    risk 0.00cvss epss 0.05

    Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.

Page 32 of 32