Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0051

Severity: 6.8 MEDIUM
EPSS: 35.4% (top 2.95%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jan 4
Latest update: May 1

Description

Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: apple/iphoto 6.0.5

🔴 Vulnerability Details (2)

GHSA: GHSA-3655-xq3q-xq2p: Format string vulnerability in Apple iPhoto 6 (2022-05-01)
CVEList: CVE-2007-0051: Format string vulnerability in Apple iPhoto 6 (2007-01-04)

💥 Exploits & PoCs (1)

Exploit-DB: iLife iPhoto Photocast - XML Title Remote Format String (PoC) (2007-01-04)