Full Disclosure mailing list archives

-ADVISORY- + [Thu Mar 16 13:41:45 EST 2006] + Local Privilege Escalation Vulnerability in Apple iTunes


From: sikurezza () nexlab it
Date: Thu, 16 Mar 2006 18:41:51 +0000 (GMT)




-ADVISORY- + [Thu Mar 16 13:41:45 EST 2006] + Local Privilege Escalation Vulnerability in Apple iTunes




8=======D~~~~~~~~~~
[+] DESCRIPTION
8=======D~~~~~~~~~~
Apple iTunes incorrectly validates user input, making privilege escalation possible.

8=======D~~~~~~~~~~
[+] WORKAROUND
8=======D~~~~~~~~~~
This vulnerability had no workarounds.
8=======D~~~~~~~~~~
[+] VENDOR RESPONSE
8=======D~~~~~~~~~~
Apple iTunes is offered no identified commentary regarding this problem at hand.
8=======D~~~~~~~~~~
APPENDIX A VENDOR INFORMATION
8=======D~~~~~~~~~~
http://www.apple.com/itunes/



8=======D~~~~~~~~~~
CONTACT
8=======D~~~~~~~~~~
sikurezza () nexlab it sikurezza () nexlab it

GSAE CCE CEH CSFA SSP-CNSA GIPS GHTQ CAP 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Current thread: