Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.ITUNES_CODE_EXEC_CREDS.NASL
HistoryNov 16, 2005 - 12:00 a.m.

Apple iTunes For Windows iTunesHelper.exe Path Subversion Local Privilege Escalation (credentialed check)

2005-11-1600:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
12
JSON

The version of Apple iTunes for Windows on the remote host launches a helper application by searching for it through various system paths.
An attacker with local access can leverage this issue to place a malicious program in a system path and have it called before the helper application.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(20219);
  script_version("1.18");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id("CVE-2005-2938");
  script_bugtraq_id(15446);

  script_name(english:"Apple iTunes For Windows iTunesHelper.exe Path Subversion Local Privilege Escalation (credentialed check)");
  script_summary(english:"Checks for an local code execution vulnerability in iTunes for Windows");
 
  script_set_attribute(attribute:"synopsis", value:
"The remote host contains an application that is affected by a local
code execution flaw.");
  script_set_attribute(attribute:"description", value:
"The version of Apple iTunes for Windows on the remote host launches a
helper application by searching for it through various system paths.
An attacker with local access can leverage this issue to place a
malicious program in a system path and have it called before the
helper application.");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1d16d359");
  script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2005/Nov/msg00001.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple iTunes 6 for Windows or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/16");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/Registry/Enumerated");
  script_require_ports(139, 445);

  exit(0);
}


if (!get_kb_item("SMB/Registry/Enumerated")) exit(0);


# Look in the registry for iTunes.
ver = get_kb_item("SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\DisplayVersion");
if (ver && ver =~ "^[0-5]\.") security_hole(get_kb_item("SMB/transport"));
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

Related

securityvulns 2
nessus 1
cve 1
cvelist 1
securityvulns
securityvulns
APPLE-SA-2005-11-15 iTunes 6 for Windows
2005-11-16 00:00:00
iDEFENSE Security Advisory 11.15.05: Multiple Vendor Insecure Call to CreateProcess() Vulnerability
2005-11-16 00:00:00
nessus
nessus
Apple iTunes For Windows iTunesHelper.exe Path Subversion Local Privilege Escalation (uncredentialed check)
2005-11-16 00:00:00
cve
cve
CVE-2005-2938
2005-11-18 06:03:00
cvelist
cvelist
CVE-2005-2938
2005-11-18 11:00:00
JSON
Related for ITUNES_CODE_EXEC_CREDS.NASL
securityvulns2nessus1cve1cvelist1