Apple iLife iPhoto PhotoCast XML Remote Format String Vulnerability

Bugtraq ID:	21871
Class:	Input Validation Error
CVE:	CVE-2007-0051
Remote:	Yes
Local:	No
Published:	Jan 02 2007 12:00AM
Updated:	Mar 14 2007 03:24AM
Credit:	Kevin Finisterre is credited with the discovery of this vulnerability.
Vulnerable:	Apple iPhoto 6.0.5 (316)
Not Vulnerable:	Apple iPhoto 6.0.6

Apple iLife iPhoto PhotoCast XML Remote Format String Vulnerability

iLife iPhoto is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.

Version 6.0.5 (316) is vulnerable; other versions may also be affected.

Apple iLife iPhoto PhotoCast XML Remote Format String Vulnerability

To exploit this issue, an attacker must entice a victim user to open or subscribe to a malicious RSS feed.

The following proofs of concept are available:

• /data/vulnerabilities/exploits/MOAB-04-01-2007.rb

Apple iLife iPhoto PhotoCast XML Remote Format String Vulnerability

Solution:
The vendor has released iPhoto version 6.0.6 to address this issue; please see the reference section for details.


Apple iPhoto 6.0.5 (316)

• Apple iPhoto_606.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13242&cat= 1&platform=osx&method=sa/iPhoto_606.dmg

Apple iLife iPhoto PhotoCast XML Remote Format String Vulnerability

References:

• Apple security updates (Apple)
  
• iPhoto Homepage (Apple)
  
• MOAB-04-01-2007: iLife iPhoto Photocast XML title Format String Vulnerability (Kevin Finisterre)