Thinking OPEN

iTunes 7.7.1 and prior [High]

By Security Team • Sep 10th, 2008 • Category: Security Notifications

Affects:

  • iTunes 7.7.1 and prior [High]

Description

Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-3636
Severity: High

National Vulnerabilities Database

NIST National Vulnerabilities Database

Related OLEX Packages: itunes