PT-2007-1544 · Apple · Iphoto
Kevin Finisterre
·
Published
2007-01-04
·
Updated
2018-10-16
·
CVE-2007-0051
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Apple iPhoto versions 6.0.5 and prior to 6.0.6
Description
The issue allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.
Recommendations
For Apple iPhoto versions 6.0.5 and prior to 6.0.6, update to version 6.0.6 or later to resolve the issue.
Exploit
Fix
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Iphoto