cvelistv5 - cve-2010-0532

CVE-2010-0532 (GCVE-0-2010-0532)

Vulnerability from cvelistv5 – Published: 2010-03-31 18:00 – Updated: 2024-08-07 00:52

Summary

Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/39135	third-party-advisoryx_refsource_SECUNIA
	http://support.apple.com/kb/HT4105	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:52:19.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:7110",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110"
          },
          {
            "name": "39135",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39135"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4105"
          },
          {
            "name": "APPLE-SA-2010-03-30-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:7110",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110"
        },
        {
          "name": "39135",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39135"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4105"
        },
        {
          "name": "APPLE-SA-2010-03-30-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-0532",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:7110",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110"
            },
            {
              "name": "39135",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39135"
            },
            {
              "name": "http://support.apple.com/kb/HT4105",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4105"
            },
            {
              "name": "APPLE-SA-2010-03-30-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2010-0532",
    "datePublished": "2010-03-31T18:00:00",
    "dateReserved": "2010-02-03T00:00:00",
    "dateUpdated": "2024-08-07T00:52:19.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:*:-:windows:*:*:*:*:*\", \"versionEndIncluding\": \"9.0.3\", \"matchCriteriaId\": \"F63692D6-3FAD-449C-B610-35479FBDE89C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:9.0:-:windows:*:*:*:*:*\", \"matchCriteriaId\": \"B1E809C8-4212-4C32-B3C9-314859CE04EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:9.0.0:-:windows:*:*:*:*:*\", \"matchCriteriaId\": \"F517459A-E3CD-4BBC-A38B-C83B0E761939\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:9.0.1:-:windows:*:*:*:*:*\", \"matchCriteriaId\": \"F3A1B79A-D89C-416B-9AC6-17E2DC543FDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:9.0.2:-:windows:*:*:*:*:*\", \"matchCriteriaId\": \"90B7F3C0-3266-4611-92D9-E39CD6970641\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D56B932B-9593-44E2-B610-E4EB2143EB21\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3852BB02-47A1-40B3-8E32-8D8891A53114\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E61F1C9B-44AF-4B35-A7B2-948EEF7639BD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.\"}, {\"lang\": \"es\", \"value\": \"Condici\\u00f3n de carrera en el paquete de instalaci\\u00f3n en Apple iTunes en versiones anteriores a la 9.1 en Windows permite a atacantes locales escalar privilegios remplazando un fichero no especificado por un Troyano.\"}]",
      "evaluatorImpact": "Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html\r\n\r\n\u0027This issue does not affect Mac OS X systems.\u0027",
      "id": "CVE-2010-0532",
      "lastModified": "2024-11-21T01:12:23.590",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-03-31T18:30:00.407",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39135\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4105\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39135\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0532\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2010-03-31T18:30:00.407\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.\"},{\"lang\":\"es\",\"value\":\"Condici\u00f3n de carrera en el paquete de instalaci\u00f3n en Apple iTunes en versiones anteriores a la 9.1 en Windows permite a atacantes locales escalar privilegios remplazando un fichero no especificado por un Troyano.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:-:windows:*:*:*:*:*\",\"versionEndIncluding\":\"9.0.3\",\"matchCriteriaId\":\"F63692D6-3FAD-449C-B610-35479FBDE89C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:9.0:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"B1E809C8-4212-4C32-B3C9-314859CE04EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:9.0.0:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"F517459A-E3CD-4BBC-A38B-C83B0E761939\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:9.0.1:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"F3A1B79A-D89C-416B-9AC6-17E2DC543FDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:9.0.2:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"90B7F3C0-3266-4611-92D9-E39CD6970641\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D56B932B-9593-44E2-B610-E4EB2143EB21\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E61F1C9B-44AF-4B35-A7B2-948EEF7639BD\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39135\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4105\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html\\r\\n\\r\\n\u0027This issue does not affect Mac OS X systems.\u0027\"}}"
  }
}

CERTA-2010-AVI-147

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités découvertes dans iTunes peuvent être exploitées par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.

Description

De multiples vulnérabilités ont été découvertes dans iTunes :

plusieurs erreurs dans les modules ColorSync et ImageIO peuvent conduire à une fuite de données ou de l'exécution de code arbitraire, notamment par le biais d'images spécialement conçues ;
un fichier MP4 importé spécialement conçu entraîne la création d'une boucle infinie dans iTunes, provoquant ainsi un déni de service à distance ;
une erreur dans le paquet d'installation d'iTunes pour Windows peut provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iTunes versions antérieures à 9.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4105 du 30 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple iTunes versions ant\u00e9rieures \u00e0  9.1.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans iTunes :\n\n-   plusieurs erreurs dans les modules ColorSync et ImageIO peuvent\n    conduire \u00e0 une fuite de donn\u00e9es ou de l\u0027ex\u00e9cution de code\n    arbitraire, notamment par le biais d\u0027images sp\u00e9cialement con\u00e7ues ;\n-   un fichier MP4 import\u00e9 sp\u00e9cialement con\u00e7u entra\u00eene la cr\u00e9ation d\u0027une\n    boucle infinie dans iTunes, provoquant ainsi un d\u00e9ni de service \u00e0\n    distance ;\n-   une erreur dans le paquet d\u0027installation d\u0027iTunes pour Windows peut\n    provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0040"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2010-0531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0531"
    },
    {
      "name": "CVE-2010-0532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0532"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-147",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans iTunes peuvent \u00eatre exploit\u00e9es\npar un utilisateur malintentionn\u00e9 afin de compromettre le syst\u00e8me ou\nd\u0027entraver son bon fonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iTunes",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4105 du 30 mars 2010",
      "url": "http://support.apple.com/kb/HT4105"
    }
  ]
}

CERTA-2010-AVI-147

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités découvertes dans iTunes peuvent être exploitées par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.

Description

De multiples vulnérabilités ont été découvertes dans iTunes :

plusieurs erreurs dans les modules ColorSync et ImageIO peuvent conduire à une fuite de données ou de l'exécution de code arbitraire, notamment par le biais d'images spécialement conçues ;
un fichier MP4 importé spécialement conçu entraîne la création d'une boucle infinie dans iTunes, provoquant ainsi un déni de service à distance ;
une erreur dans le paquet d'installation d'iTunes pour Windows peut provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iTunes versions antérieures à 9.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4105 du 30 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple iTunes versions ant\u00e9rieures \u00e0  9.1.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans iTunes :\n\n-   plusieurs erreurs dans les modules ColorSync et ImageIO peuvent\n    conduire \u00e0 une fuite de donn\u00e9es ou de l\u0027ex\u00e9cution de code\n    arbitraire, notamment par le biais d\u0027images sp\u00e9cialement con\u00e7ues ;\n-   un fichier MP4 import\u00e9 sp\u00e9cialement con\u00e7u entra\u00eene la cr\u00e9ation d\u0027une\n    boucle infinie dans iTunes, provoquant ainsi un d\u00e9ni de service \u00e0\n    distance ;\n-   une erreur dans le paquet d\u0027installation d\u0027iTunes pour Windows peut\n    provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0040"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2010-0531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0531"
    },
    {
      "name": "CVE-2010-0532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0532"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-147",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans iTunes peuvent \u00eatre exploit\u00e9es\npar un utilisateur malintentionn\u00e9 afin de compromettre le syst\u00e8me ou\nd\u0027entraver son bon fonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iTunes",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4105 du 30 mars 2010",
      "url": "http://support.apple.com/kb/HT4105"
    }
  ]
}

FKIE_CVE-2010-0532

Vulnerability from fkie_nvd - Published: 2010-03-31 18:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html	Patch, Vendor Advisory
product-security@apple.com	http://secunia.com/advisories/39135	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT4105
product-security@apple.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39135	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4105
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110

Impacted products

Vendor	Product	Version
apple	itunes	*
apple	itunes	9.0
apple	itunes	9.0.0
apple	itunes	9.0.1
apple	itunes	9.0.2
microsoft	windows_7	*
microsoft	windows_vista	*
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:-:windows:*:*:*:*:*",
              "matchCriteriaId": "F63692D6-3FAD-449C-B610-35479FBDE89C",
              "versionEndIncluding": "9.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:9.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "B1E809C8-4212-4C32-B3C9-314859CE04EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:9.0.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "F517459A-E3CD-4BBC-A38B-C83B0E761939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:9.0.1:-:windows:*:*:*:*:*",
              "matchCriteriaId": "F3A1B79A-D89C-416B-9AC6-17E2DC543FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:9.0.2:-:windows:*:*:*:*:*",
              "matchCriteriaId": "90B7F3C0-3266-4611-92D9-E39CD6970641",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en el paquete de instalaci\u00f3n en Apple iTunes en versiones anteriores a la 9.1 en Windows permite a atacantes locales escalar privilegios remplazando un fichero no especificado por un Troyano."
    }
  ],
  "evaluatorImpact": "Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html\r\n\r\n\u0027This issue does not affect Mac OS X systems.\u0027",
  "id": "CVE-2010-0532",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-03-31T18:30:00.407",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39135"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://support.apple.com/kb/HT4105"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2010-0532

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.

Aliases

CVE-2010-0532

Aliases

CVE-2010-0532

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0532",
    "description": "Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.",
    "id": "GSD-2010-0532"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0532"
      ],
      "details": "Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.",
      "id": "GSD-2010-0532",
      "modified": "2023-12-13T01:21:29.392015Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2010-0532",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:7110",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110"
          },
          {
            "name": "39135",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/39135"
          },
          {
            "name": "http://support.apple.com/kb/HT4105",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4105"
          },
          {
            "name": "APPLE-SA-2010-03-30-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.2:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.0.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-0532"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-03-30-2",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
            },
            {
              "name": "39135",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/39135"
            },
            {
              "name": "http://support.apple.com/kb/HT4105",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4105"
            },
            {
              "name": "oval:org.mitre.oval:def:7110",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-19T01:30Z",
      "publishedDate": "2010-03-31T18:30Z"
    }
  }
}

GHSA-32PG-5795-JH5M

Vulnerability from github – Published: 2022-05-02 06:13 – Updated: 2022-05-02 06:13

Details

Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0532"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-31T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.",
  "id": "GHSA-32pg-5795-jh5m",
  "modified": "2022-05-02T06:13:29Z",
  "published": "2022-05-02T06:13:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0532"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7110"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39135"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4105"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201003-1099

Vulnerability from variot - Updated: 2023-12-18 11:24

Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. Apple iTunes is prone to a local privilege-escalation vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code with SYSTEM-level privileges. Versions prior to Apple iTunes 9.1 on Microsoft Windows platforms are vulnerable. Note: This BID was originally titled 'Apple iTunes Privilege Escalation and Denial of Service Vulnerabilities'; the denial-of-service issue has been given its own record (BID 39113) to better document it. Local users can replace unknown files with files carrying Trojan horses to obtain permissions. ----------------------------------------------------------------------

Secunia CSI + Microsoft SCCM

= Extensive Patch Management

http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

TITLE: Apple iTunes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA39135

VERIFY ADVISORY: http://secunia.com/advisories/39135/

DESCRIPTION: Some vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or compromise a user's system.

1) Multiple errors in the ColorSync and ImageIO components when handling images can be exploited to disclose application memory or potentially execute arbitrary code.

For more information see vulnerabilities #1 through #4 and #9 in: SA38932

2) An error when processing MP4 files can be exploited to trigger the execution of an infinite loop and render the application unusable after its restart via e.g. a specially crafted podcast. As standard permissions allows any user to write files to the path, this can be exploited to either create malicious files with specific names before installation or malicious libraries after installation, allowing execution of arbitrary code with SYSTEM privileges.

The vulnerabilities are reported in versions prior to 9.1.

SOLUTION: Update to version 9.1.

PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Sojeong Hong, Sourcefire VRT 3) Jason Geffner, NGSSoftware

CHANGELOG: 2010-03-31: Added additional information provided by NGSSoftware.

ORIGINAL ADVISORY: http://support.apple.com/kb/HT4105

OTHER REFERENCES: SA38932: http://secunia.com/advisories/38932/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. Systems Affected: iTunes 9.0.0, iTunes 9.0.1, iTunes 9.0.2, iTunes 9.0.3 (version previous to iTunes 9.0.0 not tested) Risk: High Apple Security Advisory ID: APPLE-SA-2010-03-30-2 [1] Apple Knowledge Base Article: HT4105 [2] CVE-ID: CVE-2010-0532 Status: Published

============ Introduction ============ This paper discusses how an unprivileged local attacker can elevate their privileges during an initial installation or update of iTunes for Windows. and this advisory was not released until a fixed build of iTunes was released.

========== Background ========== "iTunes is a proprietary digital media player application, used for playing and organizing digital music and video files. The program is also an interface to manage the contents on Apple's popular iPod and other digital media players such as the iPhone and iPad. Additionally, iTunes can connect to the iTunes Store via the Internet to purchase and download music, music videos, television shows, applications, iPod games, audiobooks, podcasts, feature length films and movie rentals (not available in all countries), and ringtones (only used for iPhone). 10/22/09 Automated response received from Apple Inc. 10/28/09 Automated response received from Apple Inc. 10/29/09 iTunes 9.0.2 released 12/23/09 Status request sent to Apple Inc. 01/06/10 First personal response formally received from Apple Inc. 02/01/10 iTunes 9.0.3 released 03/30/10 iTunes 9.1.0 released, fixing elevation of privilege vulnerability 03/31/10 Advisory released

============= Vulnerability ============= Upon first-time installation, iTunes installs GEAR Software ASPI driver components and Microsoft Driver Install Frameworks API components in "%ALLUSERSPROFILE%\Application Data{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86" for 32-bit installations and in "%ALLUSERSPROFILE%\Application Data\ {0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}\x64" for 64-bit installations. The installer installs in this directory DifXInstall32.exe or DifXInstall64.exe for 32-bit or 64-bit installations, respectively, along with DIFxAPI.dll and other files. After the installer writes these files to the directory, it will execute DifXInstall32.exe or DifXInstall64.exe in the context of Local System, a privileged user.

On a standard Windows installation, unprivileged users have write-access to "%ALLUSERSPROFILE%\Application Data". As such, prior to a first-time iTunes installation, an unprivileged attacker can create these directories and place a malicious executable at "%ALLUSERSPROFILE%\Application Data\ {755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe" or "%ALLUSERSPROFILE%\Application Data{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}\x64\ DifXInstall64.exe", which could for example add the unprivileged attacker to the Administrators group in Windows when DifXInstall32.exe or DifXInstall64.exe is executed by a privileged user. During installation, the installer won't overwrite an existing DifXInstall32.exe or DifXInstall64.exe; it will execute the existing program in the context of Local System.

On the other hand, if iTunes is already installed on the system, an unprivileged attacker won't have access to overwrite DifXInstall32.exe, DifXInstall64.exe, or DIFxAPI.dll. However, unprivileged attackers still have write-access to create new files in "%ALLUSERSPROFILE%\Application Data\ {755AC846-7372-4AC8-8550-C52491DAA8BD}\x86" or "%ALLUSERSPROFILE%\ Application Data{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}\x64". Therefore, an unprivileged attacker could place into the directory a malicious DLL that DifXInstall32.exe, DifXInstall64.exe, or DIFxAPI.dll depends on. For example, DIFxAPI.dll imports setupapi.dll; an unprivileged attacker could place a malicious setupapi.dll file into that directory such that when DifXInstall32.exe or DifXInstall64.exe is executed, it loads DIFxAPI.dll, which in turn loads the malicious setupapi.dll, which could for example add the unprivileged attacker to the Administrators group in Windows when DifXInstall32.exe or DifXInstall64.exe is executed by a privileged user. When an existing iTunes installation is updated to a newer version, the update installer will execute DifXInstall32.exe or DifXInstall64.exe in the context of Local System.

======= Exploit ======= Ideally, the attacker's DLL should have all the functionality of the DLL that the application expected to load, including the same exported functions. An attacker can patch the original DLL so that the attacker's code runs before the DLL's original DllMain code is executed, after which the original DllMain code is called. This allows the DLL to continue to operate as normal.

The program at http://www.malwareanalysis.com/releases/dllpatcher.zip [4] can be used to redirect a given DLL's entrypoint (which originally pointed to DllMain) to point to code that has been patched into the DLL. This patched-in code will add a given user to the Administrators group in Windows (assuming that it's being run in the context of a privileged user), after which it will transfer control back to the DLL's original DllMain. The patcher also updates the Import Table for the DLL since the patched-in code relies on the function NetLocalGroupAddMembers(...) from netapi32.dll. The only other side effect of the patcher is that it clears the Bound Imports for the DLL; the only adverse side effect of this is that this may cause the DLL to take a few extra milliseconds to load.

The patcher is compatible with both 32-bit and 64-bit DLLs and displays usage instructions when executed without command line arguments.

As an example, an attacker could use this patcher as follows to patch setupapi.dll so that it will add unprivileged user MyComputer\Jason to the Administrators group when the DLL is loaded by a privileged user:

DllPatcher.exe %WINDIR%\system32\setupapi.dll "%ALLUSERSPROFILE%\Application Data{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\setupapi.dll" MyComputer\Jason

========== Conclusion ========== Proper ACLs should be used to prevent such elevation of privilege attacks and great care should be taken when choosing which directories to use for executable files.

NGSSoftware would like to thank Alex Ionescu for his assistance in communications with the Apple Product Security Team.

=============== Fix Information =============== This issue has now been resolved. iTunes 9.1.0 can be downloaded from: http://www.apple.com/itunes/download

========== References ========== [1] http://lists.apple.com/archives/security-announce/2010/Mar/msg00003.html [2] http://support.apple.com/kb/HT4105 [3] http://en.wikipedia.org/wiki/ITunes [4] http://www.malwareanalysis.com/releases/dllpatcher.zip

NGSSoftware Insight Security Research http://www.ngssoftware.com/ http://www.databasesecurity.com/ http://www.nextgenss.com/ +44(0)208 401 0070

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201003-1099",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "9.0.0"
      },
      {
        "model": "itunes",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "39092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001339"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-512"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.2:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.0.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0532"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jason Geffner of NGSSoftware",
    "sources": [
      {
        "db": "BID",
        "id": "39092"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-0532",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2010-0532",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-43137",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-0532",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201003-512",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-43137",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001339"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-512"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. Apple iTunes is prone to a local privilege-escalation vulnerability. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code with SYSTEM-level privileges. \nVersions prior to Apple iTunes 9.1 on Microsoft Windows platforms are vulnerable. \nNote: This BID was originally titled \u0027Apple iTunes Privilege Escalation and Denial of Service Vulnerabilities\u0027; the denial-of-service issue has been given its own record (BID 39113) to better document it. Local users can replace unknown files with files carrying Trojan horses to obtain permissions. ----------------------------------------------------------------------\n\n\n  Secunia CSI\n+ Microsoft SCCM\n-----------------------\n= Extensive Patch Management\n\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iTunes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA39135\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/39135/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple iTunes, which can be\nexploited by malicious, local users to gain escalated privileges and\nby malicious people to disclose sensitive information, cause a DoS\n(Denial of Service), or compromise a user\u0027s system. \n\n1) Multiple errors in the ColorSync and ImageIO components when\nhandling images can be exploited to disclose application memory or\npotentially execute arbitrary code. \n\nFor more information see vulnerabilities #1 through #4 and #9 in:\nSA38932\n\n2) An error when processing MP4 files can be exploited to trigger the\nexecution of an infinite loop and render the application unusable\nafter its restart via e.g. a specially crafted podcast. As standard permissions allows any user to write files\nto the path, this can be exploited to either create malicious files\nwith specific names before installation or malicious libraries after\ninstallation, allowing execution of arbitrary code with SYSTEM\nprivileges. \n\nThe vulnerabilities are reported in versions prior to 9.1. \n\nSOLUTION:\nUpdate to version 9.1. \n\nPROVIDED AND/OR DISCOVERED BY:\n2) The vendor credits Sojeong Hong, Sourcefire VRT\n3) Jason Geffner, NGSSoftware\n\nCHANGELOG:\n2010-03-31: Added additional information provided by NGSSoftware. \n\nORIGINAL ADVISORY:\nhttp://support.apple.com/kb/HT4105\n\nOTHER REFERENCES:\nSA38932:\nhttp://secunia.com/advisories/38932/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \nSystems Affected: iTunes 9.0.0, iTunes 9.0.1, iTunes 9.0.2, iTunes 9.0.3\n                  (version previous to iTunes 9.0.0 not tested)\nRisk: High\nApple Security Advisory ID: APPLE-SA-2010-03-30-2 [1]\nApple Knowledge Base Article: HT4105 [2]\nCVE-ID: CVE-2010-0532\nStatus: Published\n\n============\nIntroduction\n============\nThis paper discusses how an unprivileged local attacker can elevate their\nprivileges during an initial installation or update of iTunes for Windows. and this advisory was not\nreleased until a fixed build of iTunes was released. \n\n==========\nBackground\n==========\n\"iTunes is a proprietary digital media player application, used for playing and\norganizing digital music and video files. The program is also an interface to\nmanage the contents on Apple\u0027s popular iPod and other digital media players\nsuch as the iPhone and iPad. Additionally, iTunes can connect to the iTunes\nStore via the Internet to purchase and download music, music videos, television\nshows, applications, iPod games, audiobooks, podcasts, feature length films and\nmovie rentals (not available in all countries), and ringtones (only used for\niPhone). \n10/22/09 Automated response received from Apple Inc. \n10/28/09 Automated response received from Apple Inc. \n10/29/09 iTunes 9.0.2 released\n12/23/09 Status request sent to Apple Inc. \n01/06/10 First personal response formally received from Apple Inc. \n02/01/10 iTunes 9.0.3 released\n03/30/10 iTunes 9.1.0 released, fixing elevation of privilege vulnerability\n03/31/10 Advisory released\n\n=============\nVulnerability\n=============\nUpon first-time installation, iTunes installs GEAR Software ASPI driver\ncomponents and Microsoft Driver Install Frameworks API components in \n\"%ALLUSERSPROFILE%\\Application Data\\{755AC846-7372-4AC8-8550-C52491DAA8BD}\\x86\"\nfor 32-bit installations and in \"%ALLUSERSPROFILE%\\Application Data\\\n{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}\\x64\" for 64-bit installations. The\ninstaller installs in this directory DifXInstall32.exe or DifXInstall64.exe for\n32-bit or 64-bit installations, respectively, along with DIFxAPI.dll and other\nfiles. After the installer writes these files to the directory, it will execute\nDifXInstall32.exe or DifXInstall64.exe in the context of Local System, a\nprivileged user. \n\nOn a standard Windows installation, unprivileged users have write-access to\n\"%ALLUSERSPROFILE%\\Application Data\". As such, prior to a first-time iTunes\ninstallation, an unprivileged attacker can create these directories and place a\nmalicious executable at \"%ALLUSERSPROFILE%\\Application Data\\\n{755AC846-7372-4AC8-8550-C52491DAA8BD}\\x86\\DifXInstall32.exe\" or\n\"%ALLUSERSPROFILE%\\Application Data\\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}\\x64\\\nDifXInstall64.exe\", which could for example add the unprivileged attacker to\nthe Administrators group in Windows when DifXInstall32.exe or DifXInstall64.exe\nis executed by a privileged user. During installation, the installer won\u0027t\noverwrite an existing DifXInstall32.exe or DifXInstall64.exe; it will execute\nthe existing program in the context of Local System. \n\nOn the other hand, if iTunes is already installed on the system, an\nunprivileged attacker won\u0027t have access to overwrite DifXInstall32.exe,\nDifXInstall64.exe, or DIFxAPI.dll. However, unprivileged attackers still have\nwrite-access to create new files in \"%ALLUSERSPROFILE%\\Application Data\\\n{755AC846-7372-4AC8-8550-C52491DAA8BD}\\x86\" or \"%ALLUSERSPROFILE%\\\nApplication Data\\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}\\x64\". Therefore, an\nunprivileged attacker could place into the directory a malicious DLL that\nDifXInstall32.exe, DifXInstall64.exe, or DIFxAPI.dll depends on. For example,\nDIFxAPI.dll imports setupapi.dll; an unprivileged attacker could place a\nmalicious setupapi.dll file into that directory such that when\nDifXInstall32.exe or DifXInstall64.exe is executed, it loads DIFxAPI.dll, which\nin turn loads the malicious setupapi.dll, which could for example add the\nunprivileged attacker to the Administrators group in Windows when\nDifXInstall32.exe or DifXInstall64.exe is executed by a privileged user. When\nan existing iTunes installation is updated to a newer version, the update\ninstaller will execute DifXInstall32.exe or DifXInstall64.exe in the context of\nLocal System. \n\n=======\nExploit\n=======\nIdeally, the attacker\u0027s DLL should have all the functionality of the DLL that\nthe application expected to load, including the same exported functions. An\nattacker can patch the original DLL so that the attacker\u0027s code runs before the\nDLL\u0027s original DllMain code is executed, after which the original DllMain code\nis called. This allows the DLL to continue to operate as normal. \n\nThe program at http://www.malwareanalysis.com/releases/dllpatcher.zip [4] can be\nused to redirect a given DLL\u0027s entrypoint (which originally pointed to DllMain)\nto point to code that has been patched into the DLL. This patched-in code will\nadd a given user to the Administrators group in Windows (assuming that it\u0027s\nbeing run in the context of a privileged user), after which it will transfer\ncontrol back to the DLL\u0027s original DllMain. The patcher also updates the Import\nTable for the DLL since the patched-in code relies on the function\nNetLocalGroupAddMembers(...) from netapi32.dll. The only other side effect of\nthe patcher is that it clears the Bound Imports for the DLL; the only adverse\nside effect of this is that this may cause the DLL to take a few extra\nmilliseconds to load. \n\nThe patcher is compatible with both 32-bit and 64-bit DLLs and displays usage\ninstructions when executed without command line arguments. \n\nAs an example, an attacker could use this patcher as follows to patch\nsetupapi.dll so that it will add unprivileged user MyComputer\\Jason to the\nAdministrators group when the DLL is loaded by a privileged user:\n\nDllPatcher.exe %WINDIR%\\system32\\setupapi.dll \"%ALLUSERSPROFILE%\\Application \nData\\{755AC846-7372-4AC8-8550-C52491DAA8BD}\\x86\\setupapi.dll\" MyComputer\\Jason\n\n==========\nConclusion\n==========\nProper ACLs should be used to prevent such elevation of privilege attacks and\ngreat care should be taken when choosing which directories to use for\nexecutable files. \n\nNGSSoftware would like to thank Alex Ionescu for his assistance in\ncommunications with the Apple Product Security Team. \n\n===============\nFix Information\n===============\nThis issue has now been resolved. iTunes 9.1.0 can be downloaded from:\nhttp://www.apple.com/itunes/download\n\n==========\nReferences\n==========\n[1] http://lists.apple.com/archives/security-announce/2010/Mar/msg00003.html\n[2] http://support.apple.com/kb/HT4105\n[3] http://en.wikipedia.org/wiki/ITunes\n[4] http://www.malwareanalysis.com/releases/dllpatcher.zip\n\nNGSSoftware Insight Security Research\nhttp://www.ngssoftware.com/\nhttp://www.databasesecurity.com/\nhttp://www.nextgenss.com/\n+44(0)208 401 0070\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001339"
      },
      {
        "db": "BID",
        "id": "39092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43137"
      },
      {
        "db": "PACKETSTORM",
        "id": "87984"
      },
      {
        "db": "PACKETSTORM",
        "id": "87893"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-43137",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43137"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-0532",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "39135",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001339",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-512",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2010-03-30-2",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "39092",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "87893",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-43137",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "87984",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43137"
      },
      {
        "db": "BID",
        "id": "39092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001339"
      },
      {
        "db": "PACKETSTORM",
        "id": "87984"
      },
      {
        "db": "PACKETSTORM",
        "id": "87893"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-512"
      }
    ]
  },
  "id": "VAR-201003-1099",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43137"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:24:57.110000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4105",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4105"
      },
      {
        "title": "HT4105",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4105?viewlocale=ja_jp"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001339"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001339"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0532"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/39135"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2010//mar/msg00003.html"
      },
      {
        "trust": 1.3,
        "url": "http://support.apple.com/kb/ht4105"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7110"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0532"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0532"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/itunes/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/510426"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38932/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/39135/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/itunes/download"
      },
      {
        "trust": 0.1,
        "url": "http://en.wikipedia.org/wiki/itunes"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0532"
      },
      {
        "trust": 0.1,
        "url": "http://www.nextgenss.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.malwareanalysis.com/releases/dllpatcher.zip"
      },
      {
        "trust": 0.1,
        "url": "http://www.ngssoftware.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.apple.com/archives/security-announce/2010/mar/msg00003.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.databasesecurity.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43137"
      },
      {
        "db": "BID",
        "id": "39092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001339"
      },
      {
        "db": "PACKETSTORM",
        "id": "87984"
      },
      {
        "db": "PACKETSTORM",
        "id": "87893"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-512"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-43137"
      },
      {
        "db": "BID",
        "id": "39092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001339"
      },
      {
        "db": "PACKETSTORM",
        "id": "87984"
      },
      {
        "db": "PACKETSTORM",
        "id": "87893"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-512"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43137"
      },
      {
        "date": "2010-03-30T00:00:00",
        "db": "BID",
        "id": "39092"
      },
      {
        "date": "2010-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001339"
      },
      {
        "date": "2010-04-02T16:05:17",
        "db": "PACKETSTORM",
        "id": "87984"
      },
      {
        "date": "2010-04-01T03:45:04",
        "db": "PACKETSTORM",
        "id": "87893"
      },
      {
        "date": "2010-03-31T18:30:00.407000",
        "db": "NVD",
        "id": "CVE-2010-0532"
      },
      {
        "date": "2010-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-512"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43137"
      },
      {
        "date": "2010-03-30T00:00:00",
        "db": "BID",
        "id": "39092"
      },
      {
        "date": "2010-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001339"
      },
      {
        "date": "2017-09-19T01:30:26.313000",
        "db": "NVD",
        "id": "CVE-2010-0532"
      },
      {
        "date": "2010-04-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-512"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "39092"
      },
      {
        "db": "PACKETSTORM",
        "id": "87984"
      },
      {
        "db": "PACKETSTORM",
        "id": "87893"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-512"
      }
    ],
    "trust": 1.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows Run on  Apple iTunes Elevation of privilege vulnerability in installation packages",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001339"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competitive condition",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-512"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-0532 (GCVE-0-2010-0532)

CERTA-2010-AVI-147

Description

Solution

CERTA-2010-AVI-147

Description

Solution

FKIE_CVE-2010-0532

GSD-2010-0532

GHSA-32PG-5795-JH5M

VAR-201003-1099

Tags

Sightings

Nomenclature