CVE-2007-0051

{"id": "CVE-2007-0051", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": true}]}, "published": "2007-01-04T18:28:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0100.html", "source": "cve@mitre.org"}, {"url": "http://docs.info.apple.com/article.html?artnum=305215", "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2007/Mar//msg00003.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/31165", "source": "cve@mitre.org"}, {"url": "http://projects.info-pull.com/moab/MOAB-04-01-2007.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23615", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.digitalmunition.com/DMA%5B2007-0104a%5D.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/455968/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21871", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0057", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31281", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3080", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed."}, {"lang": "es", "value": "Una vulnerabilidad de cadena de formato en Apple iPhoto versi\u00f3n 6.0.5 (316) y otras versiones anteriores a 6.0.6, permite a los atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de una fotodifusi\u00f3n creada con especificadores de cadena de formato en el t\u00edtulo de una fuente de iPhoto RSS."}], "lastModified": "2023-11-07T02:00:02.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:iphoto:6.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9223CB61-E782-4C0F-9BDF-382C3004CED2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}