Lucene search

K
zdiAnonymousZDI-17-490
HistoryJul 19, 2017 - 12:00 a.m.

Apple iTunes iPodService Privilege Escalation Vulnerability

2017-07-1900:00:00
Anonymous
www.zerodayinitiative.com
19
apple
itunes
ipodservice
privilege escalation
vulnerability
local attackers
low-privileged code
target system
flaw
ipodmanager
com control
access restriction
system context

EPSS

0.001

Percentile

35.8%

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iTunes. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the iPodManager COM control. The issue results from the lack of proper restriction of access to the control. An attacker can leverage this vulnerability to escalate privileges and execute code under the context of SYSTEM.

EPSS

0.001

Percentile

35.8%