8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.686 Medium
EPSS
Percentile
97.9%
10/31/2017
High
Multiple memory corruption vulnerabilities were found in Apple iTunes. By exploiting this vulnerability malicious users can execute arbitrary code and cause denial of service. This vulnerability can be exploited remotely via a specially crafted webpage.
Apple iTunes earlier than 12.7.1
Update to latest version
Download iTunes
About the security content of iTunes 12.7.1 for Windows
ACE
CVE-2017-137846.8High
CVE-2017-137856.8High
CVE-2017-137916.8High
CVE-2017-137926.8High
CVE-2017-137946.8High
CVE-2017-137956.8High
CVE-2017-137966.8High
CVE-2017-137986.8High
CVE-2017-138026.8High
CVE-2017-137836.8High
CVE-2017-137886.8High
CVE-2017-137936.8High
CVE-2017-138036.8High
Public exploits exist for this vulnerability.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13783
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13784
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13785
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13802
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13803
statistics.securelist.com/vulnerability-scan/month
support.apple.com/en-us/HT208224
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Apple-iTunes/
www.apple.com/itunes/download/
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.686 Medium
EPSS
Percentile
97.9%