CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2007-3755
https://notcve.org/view.php?id=CVE-2007-3755
Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. Mail en Apple iPhone 1.1.1 permite a atacantes remotos con la complicidad del usuario forzar al usuario del iPhone a hacer llamadas a números de teléfono de su elección mediante un enlace "tel:", lo cual no informa al usuario antes de marcar el número. • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38536 http://secunia.com/advisories/26983 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25862 http://www.vupen.com/english/advisories/2007/3287 https://exchange.xforce.ibmcloud.com/vulnerabilities/36853 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3757
https://notcve.org/view.php?id=CVE-2007-3757
Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed. Safari en Apple iPhone 1.1.1 permite a atacantes remotos con la complicidad del usuario engañar al usuario del iPhone para que haga llamadas a números de teléfono de su elección mediante un enlace "tel:" manipulado artesanalmente que provoca que el iPhone muestre un número diferente del que está siendo marcado. • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38534 http://secunia.com/advisories/26983 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25854 http://www.vupen.com/english/advisories/2007/3287 https://exchange.xforce.ibmcloud.com/vulnerabilities/36856 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2007-3742
https://notcve.org/view.php?id=CVE-2007-3742
WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks. WEbKit en Apple Safari 3 Beta anterior al Update 3.0.3, y iPhone anterior a 1.0.1, no maneja adecuadamente la interacción entre el soporte para Nombres de Dominio Internacionales (International Domain Name o IDN) y las fuentes Unicode, lo cual permite a atacantes remotos crear un URL conteniendo "caracteres con apariencia similar" (homógrafos), y posiblemente realizar ataques de fraude (phishing). • http://docs.info.apple.com/article.html?artnum=306173 http://docs.info.apple.com/article.html?artnum=306174 http://isc.sans.org/diary.html?storyid=3214 http://secunia.com/advisories/26287 http://www.securityfocus.com/bid/24636 http://www.securitytracker.com/id?1018488 http://www.vupen.com/english/advisories/2007/2730 http://www.vupen.com/english/advisories/2007/2731 https://exchange.xforce.ibmcloud.com/vulnerabilities/35716 • CWE-16: Configuration CWE-59: Improper Link Resolution Before File Access ('Link Following') •