
PC World Forums: iTunes 8 to Vista: Give Me a B, an S, an OD - PC World Forums


iTunes 8 to Vista: Give Me a B, an S, an OD

#1 PCWorld

  • Advanced Member
  • Group: PCWorld BOT
  • Posts: 43,139
  • Joined: 01-August 07

Posted 28 October 2008 - 04:00 PM

Post your comments for iTunes 8 to Vista: Give Me a B, an S, an OD here

#2 mpheadley

  • Advanced Member
  • Group: Members
  • Posts: 491
  • Joined: 19-June 07

Posted 29 October 2008 - 10:56 AM

iTunes problems: Or you could buy an mp3 song elsewhere and actually be able to use it on ANY mp3 player (even $10 ones!) by simply dragging and dropping in Windows Explorer! AMAZING! (being sarcastic of course).

#3 WinTard

  • Expert
  • Group: Members
  • Posts: 3,057
  • Joined: 16-January 09
  • Location:Look behind you...

Posted 10 May 2009 - 03:00 PM

Hmmm, I wonder why Apple software is so flaky especially under Windows? Intentional? You bet! Now that is JMHO.

Google: Results 1 - 10 of about 9,980,000 for most vulnerable application 2008. (0.10 seconds)


Excerpt from: http://www.dslreport...ication-in-2008
Five of the top 12 applications with known vulnerabilities include:
- Mozilla Firefox, versions 2.x and 3.x
- Adobe Acrobat, versions 8.1.2 and 8.1.1
- Microsoft Windows Live (MSN) Messenger, versions 4.7 and 5.1
- Apple iTunes, versions 3.2 and 3.1.2
- Skype, version 3.5.0.248

>www.bit9.com/landing/2008vulnerableapps.php
>www.bit9.com/news-events/press-r???p?id=102


A search of the NVD for iTunes reveals:

Search Results
There are 16 matching records. Displaying matches 1 through 16.


CVE-2009-0143
Summary: Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
Published: 03/14/2009
CVSS Severity: 4.3 (MEDIUM)

CVE-2009-0016
Summary: Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
Published: 03/14/2009
CVSS Severity: 5.0 (MEDIUM)

CVE-2008-5406
Summary: Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
Published: 12/10/2008
CVSS Severity: 9.3 (HIGH)

CVE-2008-4116
Summary: Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Checkstackcookie function and an off-by-one error that leads to a heap-based buffer overflow.
Published: 09/18/2008
CVSS Severity: 9.3 (HIGH)

CVE-2008-3636
VU#146896
Summary: Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
Published: 09/11/2008
CVSS Severity: 7.2 (HIGH)

CVE-2008-3634
Summary: Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.
Published: 09/11/2008
CVSS Severity: 2.6 (LOW)

CVE-2008-3434
Summary: Apple iTunes before 6.0.5.20 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Published: 08/01/2008
CVSS Severity: 7.5 (HIGH)

CVE-2007-3752
Summary: Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
Published: 09/06/2007
CVSS Severity: 9.3 (HIGH)

CVE-2007-4243
Summary: Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.
Published: 08/08/2007
CVSS Severity: 7.8 (HIGH)

CVE-2007-1008
Summary: Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
Published: 02/20/2007
CVSS Severity: 2.6 (LOW)

CVE-2006-1467
VU#907836
Summary: Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" samplesizetable value.
Published: 06/29/2006
CVSS Severity: 5.1 (MEDIUM)

CVE-2006-1249
TA06-132B
VU#570689
Summary: Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.
Published: 03/19/2006
CVSS Severity: 6.8 (MEDIUM)

CVE-2005-4092
TA06-011A
VU#921193
Summary: Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.
Published: 12/08/2005
CVSS Severity: 7.5 (HIGH)

CVE-2005-2938
Summary: Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.
Published: 11/18/2005
CVSS Severity: 7.2 (HIGH)

CVE-2005-1248
Summary: Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.
Published: 05/16/2005
CVSS Severity: 7.5 (HIGH)

CVE-2005-0043
VU#377368
Summary: Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.
Published: 05/02/2005
CVSS Severity: 7.5 (HIGH)


To those who think this is anti-Apple, I am merely reporting verifiable facts as found on the Internet. With links for your own corroboration. Not just mere FUD, BS or empty biased worthless claims. All I know is I've had issues with Apple software under Windows. Especially the Bonjour service. Of course depending on your perspective, this could be construed as Apple bashing. I disagree. I think that information in itself is neither good nor bad. But I believe in security through awareness, not blind faith... Not that I trust Microsoft either. But I believe Windows 7 is Vista done properly, finally...

And no I do not like iTunes.

~~~~~~~~~~~
There is nothing either good or bad... But thinking makes it so.
~ William Shakespeare

#4 techie4fun

  • Expert
  • Group: Members
  • Posts: 2,828
  • Joined: 18-October 06

Posted 10 May 2009 - 03:28 PM

Not intentional, but rather a bug.

#5 WinTard

  • Expert
  • Group: Members
  • Posts: 3,057
  • Joined: 16-January 09
  • Location:Look behind you...

Posted 10 May 2009 - 03:36 PM

I was being facetious ... ;) Um and I know what BS is. OD is Overhead Display? As for BSOD in Windows 7, never seen it yet.

#6 techie4fun

  • Expert
  • Group: Members
  • Posts: 2,828
  • Joined: 18-October 06

Posted 10 May 2009 - 03:42 PM

You may have, but I didn't notice.

#7 techie4fun

  • Expert
  • Group: Members
  • Posts: 2,828
  • Joined: 18-October 06

Posted 10 May 2009 - 03:48 PM

So Stuart, I'm glad to see that while PC World has dumped MANY of its magazine editors that you are still releasing patch articles.

Good luck.
