Multiple vulnerabilities in Apple iTunes
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 45 |
| CVE-ID | CVE-2012-3702 CVE-2012-3703 CVE-2012-3704 CVE-2012-3705 CVE-2012-3706 CVE-2012-3707 CVE-2012-3708 CVE-2012-3709 CVE-2012-3710 CVE-2012-3711 CVE-2012-3712 CVE-2012-3657 CVE-2012-3658 CVE-2012-3659 CVE-2012-3660 CVE-2012-3671 CVE-2012-3672 CVE-2012-3673 CVE-2012-3675 CVE-2012-3676 CVE-2012-3677 CVE-2012-3684 CVE-2012-3685 CVE-2012-3688 CVE-2012-3692 CVE-2012-3699 CVE-2012-3700 CVE-2012-3601 CVE-2012-3602 CVE-2012-3612 CVE-2012-3613 CVE-2012-3614 CVE-2012-3616 CVE-2012-3617 CVE-2012-3622 CVE-2012-3623 CVE-2012-3624 CVE-2012-3643 CVE-2012-3647 CVE-2012-3648 CVE-2012-3649 CVE-2012-3651 CVE-2012-3652 CVE-2012-3654 CVE-2012-3598 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
iTunes Client/Desktop applications / Multimedia software |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 45 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU43519
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3702
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85385
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78522
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17433
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU43520
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3703
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85386
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78557
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17478
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU43521
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3704
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85387
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78559
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17582
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU43522
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3705
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85388
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78537
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17546
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU43523
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3706
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85389
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78543
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17518
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU43524
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3707
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85390
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78520
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU43525
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3708
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85391
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78524
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17377
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU43526
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3709
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85392
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78550
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17481
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU43527
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3710
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85393
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78519
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17559
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU43528
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3711
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85394
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78552
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16638
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU43529
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3712
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85395
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78549
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17539
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU43530
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3657
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85416
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16891
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU43531
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3658
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78544
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17467
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU43532
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3659
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78515
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17562
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU43533
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3660
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85369
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16780
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU43534
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3671
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85370
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78511
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU43535
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3672
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85371
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17575
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU43536
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3673
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85372
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78539
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17237
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU43537
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3675
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85373
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17144
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU43538
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3676
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85374
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78525
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17352
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU43539
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3677
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85375
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78554
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17342
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Input validation error
EUVDB-ID: #VU43540
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3684
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85376
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78517
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17393
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU43541
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3685
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85377
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78542
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17524
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU43542
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3688
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85379
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78538
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17384
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU43543
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3692
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85380
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78521
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17463
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU43544
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3699
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85381
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78560
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17288
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Input validation error
EUVDB-ID: #VU43545
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3700
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85382
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78541
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16986
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Input validation error
EUVDB-ID: #VU43546
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3601
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85413
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17336
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Input validation error
EUVDB-ID: #VU43547
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3602
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85414
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16532
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU43548
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3612
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85406
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78510
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Input validation error
EUVDB-ID: #VU43549
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3613
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85407
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78523
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17224
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Input validation error
EUVDB-ID: #VU43550
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3614
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85408
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78513
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16983
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Input validation error
EUVDB-ID: #VU43551
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3616
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85409
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78532
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17199
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Input validation error
EUVDB-ID: #VU43552
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3617
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85410
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78547
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17184
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Input validation error
EUVDB-ID: #VU43553
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3622
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85396
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78533
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17357
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Input validation error
EUVDB-ID: #VU43554
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3623
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85397
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78553
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17507
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Input validation error
EUVDB-ID: #VU43555
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3624
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85398
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78545
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16588
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Input validation error
EUVDB-ID: #VU43556
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3643
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85400
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78546
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17530
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Input validation error
EUVDB-ID: #VU43557
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3647
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85401
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78518
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17516
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Input validation error
EUVDB-ID: #VU43558
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3648
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85402
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78555
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17246
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Input validation error
EUVDB-ID: #VU43559
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3649
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85403
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17272
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Input validation error
EUVDB-ID: #VU43560
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3651
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78535
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17163
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Input validation error
EUVDB-ID: #VU43561
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3652
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17264
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Input validation error
EUVDB-ID: #VU43562
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3654
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85415
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78548
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17544
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Input validation error
EUVDB-ID: #VU43563
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3598
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
MitigationInstall update from vendor's website.
Vulnerable software versionsiTunes: 4.0.0 - 10.6.1
CPE2.3- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/85412
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://exchange.xforce.ibmcloud.com/vulnerabilities/78534
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17081
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
