Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2938

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-2938
Last Modified 10 Mar 2011 12:00:00
Published 18 Nov 2005 01:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2938

Summary

Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.

Vulnerable Systems

Application

  • Apple Itunes 4.7.1.30

  • Apple Itunes 5.0


References

VUPEN - ADV-2005-2443

IDEFENSE - 20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability

SECTRACK - 1015222


Last Updated: 27 May 2016 10:40:40