Revision Date: | 2015-06-22 | Version: | 6 |
Title: | Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning |
Description: | Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. |
Family: | windows | Class: | vulnerability |
Status: | ACCEPTED | Reference(s): | CVE-2008-3434
|
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP
| Product(s): | Apple iTunes
|
Definition Synopsis |
Apple iTunes is installed AND iTunes.exe version is less than 10.5.1.42
|