By default iTunes installation does't come with dwmapi.dll but iTunes tries to load the DLL when started.
Create any malicious DLL and rename it to dwmapi.dll, copy to C:\Program Files (x86)\iTunes\
After copying the DLL if we start iTunes will execute the code part of malicious DLL leading to DLL Injection.
Location: C:\Program Files (x86)\iTunes\dwmapi.dll
Application:iTunes 12.0.1.26
OS: Windows 7 Ultimate N SP1
Apples response
After examining your report we do not see any actual security implications.
Writing a file to the C:\Program Files (x86)\iTunes directory requires local
administrative privileges.
No comments:
Post a Comment