CVE-2010-0532

EPSS 0.03%
Veröffentlicht 31.03.2010 18:30:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle product-security@apple.com
Teams Watchlist Login
Unerledigt Login

Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iTunes Update- Editionwindows Version <= 9.0.3

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows Vista
   Microsoft ≫ Windows Xp

Apple ≫ iTunes Version9.0 Update- Editionwindows

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows Vista
   Microsoft ≫ Windows Xp

Apple ≫ iTunes Version9.0.0 Update- Editionwindows

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows Vista
   Microsoft ≫ Windows Xp

Apple ≫ iTunes Version9.0.1 Update- Editionwindows

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows Vista
   Microsoft ≫ Windows Xp

Apple ≫ iTunes Version9.0.2 Update- Editionwindows

   Microsoft ≫ Windows 7
   Microsoft ≫ Windows Vista
   Microsoft ≫ Windows Xp

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html

Patch

Vendor Advisory

http://secunia.com/advisories/39135

Vendor Advisory

http://support.apple.com/kb/HT4105

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110

https://nvd.nist.gov/vuln/detail/CVE-2010-0532

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0532

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0532

EUVD