[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051115235254.GK8108@securityfocus.com>
Date: Tue, 15 Nov 2005 16:52:54 -0700
From: <noreply@...urityfocus.com>
To: bugtraq@...urityfocus.com
Subject: APPLE-SA-2005-11-15 iTunes 6 for Windows
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2005-11-15 iTunes 6 for Windows
CVE-ID: CVE-2005-2938
Available for: Microsoft Windows XP and Microsoft Windows 2000
Impact: iTunes 5 for Windows may launch the wrong helper program
Description: Due to the way iTunes 5 for Windows launches its helper
application, multiple system paths are searched to determine which
program to run. This may allow a malicious user on the local system
to create an environment where an alternate program will be executed
by iTunes. This has already been addressed in the iTunes 6 release
for Windows, available from:
http://www.apple.com/itunes/download/
This advisory is being released at this time to coordinate with other
vendors whose products were also affected by their implementation of
the helper application launch mechanism. Credit to iDEFENSE for
reporting this issue.
iTunes 6 for Windows may be obtained from:
http://www.apple.com/itunes/download/
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 56bc7f7d8f293e703fb3801cb07ec16aaaad20c5
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.1 (Build 2185)
iQEVAwUBQ3pxoIHaV5ucd/HdAQI+jQf/bWOoNxMlOTGB+wtv2P5DDKDH1r1aecwz
Kg5JfbApqTES/nFLE4mcnPfATVvhSXEQ0vgVEdYcf8u8p1LuvOYk4d5Tz/enBHDZ
un4j085guj7mnEUspEwtDdV8b9Y88fYrGCOk72UpRpwz5/ENJlo9F44ZAQljX7OX
TKYyDDqU1b7q3oWl6ziBPpmuOMDQ21tBs7QDZKmBd9U6dEg8JEWBo+OApnZMaaFF
MUU2ChDV3A0TFW4/Do8mgj8zP19r9hu24PMZMF0Qbrb+wP5/XvLYB9DRrXQVenWl
tVQBo4HDpSu2EHkyRvMonJ22Bu2MVks1MyG6v5Z8wQJvVMbknLhNKw==
=OcPv
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists