CVE-2007-0051
Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.
Date published : 2007-01-04
http://lists.apple.com/archives/security-announce/2007/Mar//msg00003.html