exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2005-11-15

Apple Security Advisory 2005-11-15
Posted Nov 20, 2005
Authored by Apple | Site apple.com

Apple Security Advisory - Due to the way iTunes 5 for Windows launches its helper application, multiple system paths are searched to determine which program to run. This may allow a malicious user on the local system to create an environment where an alternate program will be executed by iTunes.

tags | advisory, local
systems | windows, apple
SHA-256 | 1ed058151d4f2e99d893d269007cc9a8a01e6bb7a95d98624cc109014b637794

Apple Security Advisory 2005-11-15

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-11-15 iTunes 6 for Windows

CVE-ID: CVE-2005-2938

Available for: Microsoft Windows XP and Microsoft Windows 2000

Impact: iTunes 5 for Windows may launch the wrong helper program

Description: Due to the way iTunes 5 for Windows launches its helper
application, multiple system paths are searched to determine which
program to run. This may allow a malicious user on the local system
to create an environment where an alternate program will be executed
by iTunes. This has already been addressed in the iTunes 6 release
for Windows, available from:
http://www.apple.com/itunes/download/

This advisory is being released at this time to coordinate with other
vendors whose products were also affected by their implementation of
the helper application launch mechanism. Credit to iDEFENSE for
reporting this issue.

iTunes 6 for Windows may be obtained from:
http://www.apple.com/itunes/download/

The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 56bc7f7d8f293e703fb3801cb07ec16aaaad20c5

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.1 (Build 2185)

iQEVAwUBQ3pxoIHaV5ucd/HdAQI+jQf/bWOoNxMlOTGB+wtv2P5DDKDH1r1aecwz
Kg5JfbApqTES/nFLE4mcnPfATVvhSXEQ0vgVEdYcf8u8p1LuvOYk4d5Tz/enBHDZ
un4j085guj7mnEUspEwtDdV8b9Y88fYrGCOk72UpRpwz5/ENJlo9F44ZAQljX7OX
TKYyDDqU1b7q3oWl6ziBPpmuOMDQ21tBs7QDZKmBd9U6dEg8JEWBo+OApnZMaaFF
MUU2ChDV3A0TFW4/Do8mgj8zP19r9hu24PMZMF0Qbrb+wP5/XvLYB9DRrXQVenWl
tVQBo4HDpSu2EHkyRvMonJ22Bu2MVks1MyG6v5Z8wQJvVMbknLhNKw==
=OcPv
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close