Vulnerability Name:

CVE-2010-0532 (CCN-57387)

Assigned:2010-03-30
Published:2010-03-30
Updated:2017-09-19
Summary:Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html

'This issue does not affect Mac OS X systems.'
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-362
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2010-0532

Source: APPLE
Type: Patch, Vendor Advisory
APPLE-SA-2010-03-30-2

Source: CCN
Type: SA39135
Apple iTunes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
39135

Source: CCN
Type: Apple Web site
About the security content of iTunes 9.1

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4105

Source: CCN
Type: OSVDB ID: 63450
Apple iTunes on Windows Installation Package Race Condition Local Privilege Escalation

Source: XF
Type: UNKNOWN
itunes-installation-priv-escalation(57387)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7110

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apple:itunes:9.0:-:windows:*:*:*:*:*
  • OR cpe:/a:apple:itunes:9.0.0:-:windows:*:*:*:*:*
  • OR cpe:/a:apple:itunes:9.0.1:-:windows:*:*:*:*:*
  • OR cpe:/a:apple:itunes:9.0.2:-:windows:*:*:*:*:*
  • OR cpe:/a:apple:itunes:*:-:windows:*:*:*:*:* (Version <= 9.0.3)
  • AND
  • cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apple:itunes:9.0.0:-:windows:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:7110
    V
    		Apple iTunes Install or Update Privilege Escalation Vulnerability
    2015-06-22
    BACK
    apple itunes 9.0 -
    apple itunes 9.0.0 -
    apple itunes 9.0.1 -
    apple itunes 9.0.2 -
    apple itunes * -
    microsoft windows 7 *
    microsoft windows vista *
    microsoft windows xp *
    apple itunes 9.0.0 -