Apple Mac OS X 10.4.x iPhoto photo:// URL Handling Format String

ID SSV:83046
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.

Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie.
Exploiting these issues can allow attacker-supplied data to be written to arbitrary memory locations, which can facilitate the execution of arbitrary machine code with the privileges of a targeted application. Failed exploit attempts will likely crash the application.
Help Viewer 3.0.0, Safari 2.0.4, iMovie HD 6.0.3, and iPhoto 6.0.5 are reported affected; other versions may be vulnerable as well.
open 'photo://%25n%25n%25n%25n%25n%25n'