Sign-up

ID

VAR-200701-0534


CVE

CVE-2007-0051


TITLE

Apple iPhoto Format string vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-001318

DESCRIPTION

Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed. iLife iPhoto is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. Version 6.0.5 (316) is vulnerable; other versions may also be affected. Apple iLife iPhoto software allows users to create and share photo pages on websites. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Apple iLife iPhoto Photocast XML "title" Format String Vulnerability SECUNIA ADVISORY ID: SA23615 VERIFY ADVISORY: http://secunia.com/advisories/23615/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Apple iLife iPhoto 6.x http://secunia.com/product/13158/ DESCRIPTION: Kevin Finisterre has reported a vulnerability in iLIfe iPhoto, which potentially can be exploited by malicious people to compromise a user's system. Successful exploitation requires that the user e.g. is tricked into subscribing to a malicious Photocast feed. SOLUTION: Do not follow or subscribe to untrusted links to Photocast feeds. PROVIDED AND/OR DISCOVERED BY: Kevin Finisterre ORIGINAL ADVISORY: http://projects.info-pull.com/moab/MOAB-04-01-2007.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-0051 // JVNDB: JVNDB-2007-001318 // BID: 21871 // VULHUB: VHN-23413 // PACKETSTORM: 53470

AFFECTED PRODUCTS

vendor:applemodel:iphotoscope:eqversion:6.0.5

Trust: 2.4

vendor:applemodel:iphotoscope:eqversion:6.0.5(316)

Trust: 0.3

vendor:applemodel:iphotoscope:neversion:6.0.6

Trust: 0.3

sources: BID: 21871 // JVNDB: JVNDB-2007-001318 // CNNVD: CNNVD-200701-014 // NVD: CVE-2007-0051

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0051
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-0051
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200701-014
value: MEDIUM

Trust: 0.6

VULHUB: VHN-23413
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-0051
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23413
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-23413 // JVNDB: JVNDB-2007-001318 // CNNVD: CNNVD-200701-014 // NVD: CVE-2007-0051

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2007-001318 // NVD: CVE-2007-0051

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-014

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200701-014

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-001318

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-23413

PATCH
title:APPLE-SA-2007-03-13url:http://lists.apple.com/archives/security-announce/2007/Mar//msg00003.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-001318

EXTERNAL IDS
db:NVDid:CVE-2007-0051
Trust: 2.8
db:BIDid:21871
Trust: 2.0
db:SECUNIAid:23615
Trust: 1.8
db:VUPENid:ADV-2007-0057
Trust: 1.7
db:OSVDBid:31165
Trust: 1.7
db:EXPLOIT-DBid:3080
Trust: 1.7
db:JVNDBid:JVNDB-2007-001318
Trust: 0.8
db:CNNVDid:CNNVD-200701-014
Trust: 0.7
db:XFid:31281
Trust: 0.6
db:APPLEid:APPLE-SA-2007-03-13
Trust: 0.6
db:MILW0RMid:3080
Trust: 0.6
db:FULLDISCid:20070104 DMA[2007-0104A] - 'ILIFE IPHOTO PHOTOCASING FORMAT STRING VULNERABILITY'
Trust: 0.6
db:BUGTRAQid:20070104 DMA[2007-0104A] - 'ILIFE IPHOTO PHOTOCASING FORMAT STRING VULNERABILITY'
Trust: 0.6
db:VULHUBid:VHN-23413
Trust: 0.1
db:PACKETSTORMid:53470
Trust: 0.1
sources:
            
            
            VULHUB: VHN-23413 // 
            
            
            
            BID: 21871 // 
            
            
            
            JVNDB: JVNDB-2007-001318 // 
            
            
            
            PACKETSTORM: 53470 // 
            
            
            
            CNNVD: CNNVD-200701-014 // 
            
            
            
            NVD: CVE-2007-0051

REFERENCES
url:http://projects.info-pull.com/moab/moab-04-01-2007.html
Trust: 2.1
url:http://lists.apple.com/archives/security-announce/2007/mar//msg00003.html
Trust: 1.7
url:http://www.securityfocus.com/bid/21871
Trust: 1.7
url:http://docs.info.apple.com/article.html?artnum=305215
Trust: 1.7
url:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0100.html
Trust: 1.7
url:http://www.digitalmunition.com/dma%5b2007-0104a%5d.txt
Trust: 1.7
url:http://osvdb.org/31165
Trust: 1.7
url:http://secunia.com/advisories/23615
Trust: 1.7
url:http://www.securityfocus.com/archive/1/455968/100/0/threaded
Trust: 1.1
url:https://www.exploit-db.com/exploits/3080
Trust: 1.1
url:http://www.vupen.com/english/advisories/2007/0057
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/31281
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0051
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0051
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/31281
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/455968/100/0/threaded
Trust: 0.6
url:http://www.milw0rm.com/exploits/3080
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/0057
Trust: 0.6
url:http://milw0rm.com/exploits/3080
Trust: 0.6
url:http://docs.info.apple.com/article.html?artnum=61798
Trust: 0.3
url:http://www.apple.com/ilife/iphoto/
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/software_inspector/
Trust: 0.1
url:http://secunia.com/advisories/23615/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/13158/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-23413 // 
            
            
            
            BID: 21871 // 
            
            
            
            JVNDB: JVNDB-2007-001318 // 
            
            
            
            PACKETSTORM: 53470 // 
            
            
            
            CNNVD: CNNVD-200701-014 // 
            
            
            
            NVD: CVE-2007-0051

CREDITS
Kevin Finisterre  dotslash@snosoft.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200701-014

SOURCES
db:VULHUBid:VHN-23413
db:BIDid:21871
db:JVNDBid:JVNDB-2007-001318
db:PACKETSTORMid:53470
db:CNNVDid:CNNVD-200701-014
db:NVDid:CVE-2007-0051

LAST UPDATE DATE
2025-04-10T20:55:06.518000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-23413date:2018-10-16T00:00:00
db:BIDid:21871date:2007-03-14T03:24:00
db:JVNDBid:JVNDB-2007-001318date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200701-014date:2007-08-07T00:00:00
db:NVDid:CVE-2007-0051date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-23413date:2007-01-04T00:00:00
db:BIDid:21871date:2007-01-02T00:00:00
db:JVNDBid:JVNDB-2007-001318date:2012-06-26T00:00:00
db:PACKETSTORMid:53470date:2007-01-05T23:44:16
db:CNNVDid:CNNVD-200701-014date:2007-01-04T00:00:00
db:NVDid:CVE-2007-0051date:2007-01-04T18:28:00