[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-3434Date: (C)2008-08-01   (M)2023-12-22


Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html
APPLE-SA-2011-11-14-1
http://support.apple.com/kb/HT5030
http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf
http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz
oval:org.mitre.oval:def:17136

CPE    12
cpe:/a:apple:itunes:5.0.1
cpe:/a:apple:itunes:4.7.1
cpe:/a:apple:itunes:4.0.1
cpe:/a:apple:itunes:4.5
...
CWE    1
CWE-94
OVAL    4
oval:org.secpod.oval:def:3966
oval:org.secpod.oval:def:3969
oval:org.secpod.oval:def:3967
oval:org.secpod.oval:def:3968
...

© SecPod Technologies