CVE-2007-0051
Apple iPhoto < 6.0.6 - Remote Code Execution via Crafted Photocast RSS Feed Title
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-0051. PoCs published by MoAB.
AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in iPhoto by serving a maliciously crafted RSS feed. The payload consists of a long string of 'A' characters followed by format specifiers, which can trigger a crash or arbitrary code execution when parsed by iPhoto.
Description
Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.