Oval Definition:oval:org.mitre.oval:def:17136
Revision Date:2015-06-22Version:6
Title:Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning
Description:Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-3434
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Apple iTunes
Definition Synopsis
  • Apple iTunes is installed
  • AND iTunes.exe version is less than 10.5.1.42
  • BACK