Apple iLife iPhoto PhotoCast XML Remote Format String Vulnerability

iLife iPhoto is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.

Version 6.0.5 (316) is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus