Lucene search

[email protected]CVE-2007-1008

HistoryFeb 20, 2007 - 1:28 a.m.

CVE-2007-1008

2007-02-2001:28:00

[email protected]

web.nvd.nist.gov

apple

itunes

7.0.2

denial of service

xml

radio stations

memory corruption

cve-2007-1008

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.5%

JSON

Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.

Affected configurations

NVD

Node

appleitunesMatch7.0.2

CPENameOperatorVersion
apple:itunesapple ituneseq7.0.2

CPE	Name	Operator	Version
apple:itunes	apple itunes	eq	7.0.2

References

osvdb.org/33742

securityreason.com/securityalert/2278

www.securityfocus.com/archive/1/460544/100/0/threaded

www.securityfocus.com/bid/22615

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16978

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for CVE-2007-1008

cvelist1 nvd1 securityvulns1 prion1