4.3
CVE-2007-3755
- EPSS 2%
- Veröffentlicht 27.09.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:42:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2% | 0.781 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://docs.info.apple.com/article.html?artnum=306586
http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
http://secunia.com/advisories/26983
http://securitytracker.com/id?1018752
http://www.vupen.com/english/advisories/2007/3287
http://osvdb.org/38536
http://www.securityfocus.com/bid/25862
https://exchange.xforce.ibmcloud.com/vulnerabilities/36853