← back
CVE-2007-1008

CVE-2007-1008

EPSS 2.1%
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/29616unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/33742http://securityreason.com/securityalert/2278https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16978http://www.securityfocus.com/archive/1/460544/100/0/threadedhttp://www.securityfocus.com/bid/22615