Format String Vulnerability in Apple iPhoto Versions 6.0.5 and Earlier
CVE-2007-0051

Currently unrated

Key Information:

Vendor: Apple
Status: Iphoto
Vendor: CVE Published:; 4 January 2007

What is CVE-2007-0051?

A format string vulnerability exists in Apple iPhoto 6.0.5 and earlier versions, which can be exploited by remote attackers through specially crafted photocasts that contain format string specifiers in the title of an RSS iPhoto feed. This allows the attacker to execute arbitrary code on the victim's system, potentially compromising its integrity. Users are advised to upgrade to version 6.0.6 or later to mitigate this risk.

References

http://secunia.com/advisories/23615

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/455968/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/21871

vdb-entryx_refsource_BID

EPSS Score

34% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 4, 2007
Vulnerability Reserved
Jan 4, 2007