CVE-2007-3755

Published: Sep 27, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.

Affected (3)

Products: Apple: Iphone, Iphone Os

Apple

2 products

Iphone

Iphone Os

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone	Version 1.0
Apple Iphone Os	Version 1.0.1
Apple Iphone Os	Version 1.0.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://docs.info.apple.com/article.html?artnum=306586

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html

Source: cve@mitre.org

Patch

http://osvdb.org/38536

Source: cve@mitre.org

http://secunia.com/advisories/26983

Source: cve@mitre.org

http://securitytracker.com/id?1018752

Source: cve@mitre.org

http://www.securityfocus.com/bid/25862

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3287

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/36853

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=306586