iPhoto < 7.1.2 Format String Vulnerability

Medium Nessus Plugin ID 30201


The remote Mac OS X host contains an application that is affected by a format string vulnerability.


The remote host is running a version of iPhoto 7.1 older than version 7.1.2. Such versions are reportedly affected by a format string vulnerability. If an attacker can trick a user on the affected host into subscribing to a specially crafted photocast, these issues could be leveraged to execute arbitrary code on the affected host subject to the user's privileges.


Upgrade to iPhoto 7.1.2 or later.

See Also




Plugin Details

Severity: Medium

ID: 30201

File Name: macosx_iphoto712.nasl

Version: 1.16

Type: local

Agent: macosx

Published: 2008/02/06

Modified: 2017/05/30

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:iphoto

Required KB Items: Host/MacOSX/packages

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2008/02/05

Reference Information

CVE: CVE-2008-0043

BID: 27636

OSVDB: 41148

CWE: 94