|
|
>> Apple iTunes "CreateProcess" Local Privilege Escalation Vulnerability
|
Title : Apple iTunes "CreateProcess" Local Privilege Escalation Vulnerability
VUPEN ID : VUPEN/ADV-2005-2443
CVE ID : CVE-2005-2938
Rated as : Moderate Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2005-11-15
|
|
A vulnerability has been identified in Apple iTunes, which could be exploited by malicious users to obtain elevated privileges. This flaw is due to an error in the way iTunes launches its helper application and searches system paths using the "CreateProcess()" and "CreateProcessAsUser()" functions to determine the program to run, which could be exploited by a malicious local user to create an environment where a malicious program will be executed with the privileges of the user running the vulnerable application.
Credits
Vulnerability reported by iDEFENSE
ChangeLog
2005-11-15 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
