CVE-2007-3757 - OpenCVE

Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Safari Iphone

Configuration 1 [-]

AND

OR	cpe:2.3:h:apple:iphone:1.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=306586
http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html	Patch
http://osvdb.org/38534
http://secunia.com/advisories/26983
http://securitytracker.com/id?1018752
http://www.securityfocus.com/bid/25854
http://www.vupen.com/english/advisories/2007/3287
https://exchange.xforce.ibmcloud.com/vulnerabilities/36856

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-27T21:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-07-12T00:00:00

Link: CVE-2007-3757

JSON object: View

NVD Information

Status : Modified

Published: 2007-09-27T21:17:00.000

Modified: 2022-08-09T13:46:58.530

Link: CVE-2007-3757

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted \"tel:\" link that causes iPhone to display a different number than the number that will be dialed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25854", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25854"}, {"name": "iphone-tellink-call-hijacking(36856)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36856"}, {"name": "APPLE-SA-2007-09-27", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=306586"}, {"name": "38534", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38534"}, {"name": "26983", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26983"}, {"name": "ADV-2007-3287", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3287"}, {"name": "1018752", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018752"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3757", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted \"tel:\" link that causes iPhone to display a different number than the number that will be dialed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25854", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25854"}, {"name": "iphone-tellink-call-hijacking(36856)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36856"}, {"name": "APPLE-SA-2007-09-27", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"}, {"name": "http://docs.info.apple.com/article.html?artnum=306586", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306586"}, {"name": "38534", "refsource": "OSVDB", "url": "http://osvdb.org/38534"}, {"name": "26983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26983"}, {"name": "ADV-2007-3287", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3287"}, {"name": "1018752", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018752"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3757", "datePublished": "2007-09-27T21:00:00", "dateReserved": "2007-07-12T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F382364-1B45-4C62-AB29-A20512AA77D9", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted \"tel:\" link that causes iPhone to display a different number than the number that will be dialed."}, {"lang": "es", "value": "Safari en Apple iPhone 1.1.1 permite a atacantes remotos con la complicidad del usuario enga\u00f1ar al usuario del iPhone para que haga llamadas a n\u00fameros de tel\u00e9fono de su elecci\u00f3n mediante un enlace \"tel:\" manipulado artesanalmente que provoca que el iPhone muestre un n\u00famero diferente del que est\u00e1 siendo marcado."}], "id": "CVE-2007-3757", "lastModified": "2022-08-09T13:46:58.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-09-27T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=306586"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/38534"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26983"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018752"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25854"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3287"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36856"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}