Sign-up

ID

VAR-200802-0206


CVE

CVE-2008-0830


TITLE

iPhoto for DPAP Service disruption at the server (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-002743

DESCRIPTION

The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043. Apple iPhoto is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Exploiting this issue will allow attackers to execute arbitrary code with the permissions of a user running the application. Failed attacks will likely cause denial-of-service conditions. This issue affects Apple iPhoto 4.0.3 and prior versions

Trust: 1.98

sources: NVD: CVE-2008-0830 // JVNDB: JVNDB-2008-002743 // BID: 27867 // VULHUB: VHN-30955

AFFECTED PRODUCTS

vendor:applemodel:iphotoscope:eqversion:4.0.3

Trust: 2.7

sources: BID: 27867 // JVNDB: JVNDB-2008-002743 // CNNVD: CNNVD-200802-353 // NVD: CVE-2008-0830

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0830
value: HIGH

Trust: 1.0

NVD: CVE-2008-0830
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200802-353
value: HIGH

Trust: 0.6

VULHUB: VHN-30955
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-0830
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-30955
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-30955 // JVNDB: JVNDB-2008-002743 // CNNVD: CNNVD-200802-353 // NVD: CVE-2008-0830

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-30955 // JVNDB: JVNDB-2008-002743 // NVD: CVE-2008-0830

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200802-353

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200802-353

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-002743

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-30955

PATCH
title:Top Pageurl:http://www.apple.com/ilife/iphoto/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-002743

EXTERNAL IDS
db:NVDid:CVE-2008-0830
Trust: 2.8
db:BIDid:27867
Trust: 2.0
db:EXPLOIT-DBid:5151
Trust: 1.7
db:SECTRACKid:1019488
Trust: 1.7
db:JVNDBid:JVNDB-2008-002743
Trust: 0.8
db:CNNVDid:CNNVD-200802-353
Trust: 0.7
db:MILW0RMid:5151
Trust: 0.6
db:VULHUBid:VHN-30955
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30955 // 
            
            
            
            BID: 27867 // 
            
            
            
            JVNDB: JVNDB-2008-002743 // 
            
            
            
            CNNVD: CNNVD-200802-353 // 
            
            
            
            NVD: CVE-2008-0830

REFERENCES
url:http://www.securityfocus.com/bid/27867
Trust: 1.7
url:http://www.securitytracker.com/id?1019488
Trust: 1.7
url:https://www.exploit-db.com/exploits/5151
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0830
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0830
Trust: 0.8
url:http://www.milw0rm.com/exploits/5151
Trust: 0.6
url:http://www.apple.com/ilife/iphoto/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-30955 // 
            
            
            
            BID: 27867 // 
            
            
            
            JVNDB: JVNDB-2008-002743 // 
            
            
            
            CNNVD: CNNVD-200802-353 // 
            
            
            
            NVD: CVE-2008-0830

CREDITS
David Wharton is credited with the discovery of this vulnerability.
Trust: 0.9
sources:
            
            
            BID: 27867 // 
            
            
            
            CNNVD: CNNVD-200802-353

SOURCES
db:VULHUBid:VHN-30955
db:BIDid:27867
db:JVNDBid:JVNDB-2008-002743
db:CNNVDid:CNNVD-200802-353
db:NVDid:CVE-2008-0830

LAST UPDATE DATE
2025-04-10T23:14:09.341000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-30955date:2017-09-29T00:00:00
db:BIDid:27867date:2015-05-07T17:32:00
db:JVNDBid:JVNDB-2008-002743date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200802-353date:2008-09-05T00:00:00
db:NVDid:CVE-2008-0830date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-30955date:2008-02-19T00:00:00
db:BIDid:27867date:2008-02-18T00:00:00
db:JVNDBid:JVNDB-2008-002743date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200802-353date:2008-02-19T00:00:00
db:NVDid:CVE-2008-0830date:2008-02-19T22:44:00