Lucene search

[email protected]CVE-2011-0259

HistoryOct 12, 2011 - 6:55 p.m.

CVE-2011-0259

2011-10-1218:55:01

CWE-119

[email protected]

web.nvd.nist.gov

corefoundation

apple itunes

cve-2011-0259

man-in-the-middle attack

arbitrary code execution

denial of service

memory corruption

application crash

nvd

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

8.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Affected configurations

NVD

Node

appleitunesRange≤10.4.1

appleitunesMatch4.0.0

appleitunesMatch4.0.1

appleitunesMatch4.1.0

appleitunesMatch4.2.0

appleitunesMatch4.5

appleitunesMatch4.5.0

appleitunesMatch4.6

appleitunesMatch4.6.0

appleitunesMatch4.7

appleitunesMatch4.7.0

appleitunesMatch4.7.1

appleitunesMatch4.7.2

appleitunesMatch4.8.0

appleitunesMatch4.9.0

appleitunesMatch5.0

appleitunesMatch5.0.0

appleitunesMatch5.0.1

appleitunesMatch6.0.0

appleitunesMatch6.0.1

appleitunesMatch6.0.2

appleitunesMatch6.0.3

appleitunesMatch6.0.4

appleitunesMatch6.0.4.2

appleitunesMatch6.0.5

appleitunesMatch7.0.0

appleitunesMatch7.0.1

appleitunesMatch7.0.2

appleitunesMatch7.1.0

appleitunesMatch7.1.1

appleitunesMatch7.2.0

appleitunesMatch7.3.0

appleitunesMatch7.3.1

appleitunesMatch7.3.2

appleitunesMatch7.4

appleitunesMatch7.4.0

appleitunesMatch7.4.1

appleitunesMatch7.4.2

appleitunesMatch7.4.3

appleitunesMatch7.5

appleitunesMatch7.5.0

appleitunesMatch7.6

appleitunesMatch7.6.0

appleitunesMatch7.6.1

appleitunesMatch7.6.2

appleitunesMatch7.7

appleitunesMatch7.7.0

appleitunesMatch7.7.1

appleitunesMatch8.0.0

appleitunesMatch8.0.1

appleitunesMatch8.0.2

appleitunesMatch8.1

appleitunesMatch8.1.1

appleitunesMatch8.2

appleitunesMatch8.2.1

appleitunesMatch9.0.0

appleitunesMatch9.0.1

appleitunesMatch9.0.2

appleitunesMatch9.0.3

appleitunesMatch9.2

appleitunesMatch9.2.1

appleitunesMatch10.0

appleitunesMatch10.0.1

appleitunesMatch10.1

appleitunesMatch10.1.1

appleitunesMatch10.1.2

appleitunesMatch10.2

appleitunesMatch10.3

appleitunesMatch10.3.1

appleitunesMatch10.4

AND

microsoftwindows_7

microsoftwindows_vista

microsoftwindows_vistasp1

microsoftwindows_vistasp2

microsoftwindows_xpsp2

microsoftwindows_xpsp3

CPENameOperatorVersion
apple:itunesapple itunesle10.4.1
apple:itunesapple ituneseq4.0.0
apple:itunesapple ituneseq4.0.1
apple:itunesapple ituneseq4.1.0
apple:itunesapple ituneseq4.2.0
apple:itunesapple ituneseq4.5
apple:itunesapple ituneseq4.5.0
apple:itunesapple ituneseq4.6
apple:itunesapple ituneseq4.6.0
apple:itunesapple ituneseq4.7

CPE	Name	Operator	Version
apple:itunes	apple itunes	le	10.4.1
apple:itunes	apple itunes	eq	4.0.0
apple:itunes	apple itunes	eq	4.0.1
apple:itunes	apple itunes	eq	4.1.0
apple:itunes	apple itunes	eq	4.2.0
apple:itunes	apple itunes	eq	4.5
apple:itunes	apple itunes	eq	4.5.0
apple:itunes	apple itunes	eq	4.6
apple:itunes	apple itunes	eq	4.6.0
apple:itunes	apple itunes	eq	4.7