ID

VAR-201407-0079


CVE

CVE-2014-1357


TITLE

plural Apple Product launchd Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-003079

DESCRIPTION

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003. The update addresses new vulnerabilities that affect Kernel, IOReporting, launchd, Security - Secure Transport components. Attackers can exploit these issues to disclose sensitive information, execute arbitrary code in the context of the system privileges or cause denial-of-service conditions. Apple Mac OS X 10.9 to 10.9.3 are vulnerable. in the United States. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following: Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT6005. copyfile Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP curl Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A remote attacker may be able to gain access to another user's session Description: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session. CVE-ID CVE-2014-0015 Dock Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A sandboxed application may be able to circumvent sandbox restrictions Description: An unvalidated array index issue existed in the Dock's handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2014-1371 : an anonymous researcher working with HP's Zero Day Initiative Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of a system call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1372 : Ian Beer of Google Project Zero iBooks Commerce Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker with access to a system may be able to recover Apple ID credentials Description: An issue existed in the handling of iBooks logs. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. This issue was addressed by disallowing logging of credentials. CVE-ID CVE-2014-1317 : Steve Dunham Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenGL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1373 : Ian Beer of Google Project Zero Intel Graphics Driver Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by removing the pointer from the object. CVE-ID CVE-2014-1375 Intel Compute Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenCL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1376 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An array indexing issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1377 : Ian Beer of Google Project Zero IOGraphicsFamily Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by using a unique ID instead of a pointer. CVE-ID CVE-2014-1378 IOReporting Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user could cause an unexpected system restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero Graphics Drivers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null dereference issues existed in kernel graphics drivers. A maliciously crafted 32-bit executable may have been able to obtain elevated privileges. CVE-ID CVE-2014-1379 : Ian Beer of Google Project Zero Security - Keychain Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker may be able to type into windows under the screen lock Description: Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management. CVE-ID CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC Security - Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Two bytes of memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existing in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Thunderbolt Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the handling of IOThunderBoltController API calls. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1381 : Catherine aka winocm Note: OS X Mavericks 10.9.4 includes the security content of Safari 7.0.5: http://support.apple.com/kb/HT6293 OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN 6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX a569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM Kx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb nak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr Q/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR uqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo T/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR 1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4 FiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka ePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr +/tiYIHJ5pUCKf+C8xJC =HkFr -----END PGP SIGNATURE----- . CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community Apple TV Available for: Apple TV 2nd generation and later Impact: An iTunes Store transaction may be completed with insufficient authorization Description: A signed-in user was able to complete an iTunes Store transaction without providing a valid password when prompted. CVE-ID CVE-2014-1383 Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About"

Trust: 2.16

sources: NVD: CVE-2014-1357 // JVNDB: JVNDB-2014-003079 // BID: 68274 // VULHUB: VHN-69296 // PACKETSTORM: 127306 // PACKETSTORM: 127308

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.9.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:7.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.9.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:7.0.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.9.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:7.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.9

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:7.0.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:7.0.1

Trust: 1.6

vendor:applemodel:tvosscope:lteversion:6.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:7.0.5

Trust: 1.0

vendor:applemodel:tvosscope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:7.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:7.0.6

Trust: 1.0

vendor:applemodel:tvosscope:eqversion:6.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:7.0.4

Trust: 1.0

vendor:applemodel:tvosscope:eqversion:6.0.2

Trust: 1.0

vendor:applemodel:tvosscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.9 to 10.9.3

Trust: 0.8

vendor:applemodel:tvscope:ltversion:6.2

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7.1.2 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7.1.2 (iphone 4 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7.1.2 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:tvscope:eqversion:2.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:7.1.1

Trust: 0.6

vendor:applemodel:tvscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:tvscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:4.0-

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.0

Trust: 0.3

sources: BID: 68274 // JVNDB: JVNDB-2014-003079 // CNNVD: CNNVD-201407-038 // NVD: CVE-2014-1357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1357
value: HIGH

Trust: 1.0

NVD: CVE-2014-1357
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201407-038
value: CRITICAL

Trust: 0.6

VULHUB: VHN-69296
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-1357
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-69296
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69296 // JVNDB: JVNDB-2014-003079 // CNNVD: CNNVD-201407-038 // NVD: CVE-2014-1357

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-69296 // JVNDB: JVNDB-2014-003079 // NVD: CVE-2014-1357

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-038

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201407-038

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003079

PATCH

title:HT6297url:http://support.apple.com/kb/HT6297

Trust: 0.8

title:HT6298url:http://support.apple.com/kb/HT6298

Trust: 0.8

title:HT6296url:http://support.apple.com/kb/HT6296

Trust: 0.8

title:HT6296url:http://support.apple.com/kb/HT6296?viewlocale=ja_JP

Trust: 0.8

title:HT6297url:http://support.apple.com/kb/HT6297?viewlocale=ja_JP

Trust: 0.8

title:HT6298url:http://support.apple.com/kb/HT6298?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2014-003079

EXTERNAL IDS

db:NVDid:CVE-2014-1357

Trust: 3.0

db:SECUNIAid:59475

Trust: 1.7

db:SECTRACKid:1030500

Trust: 1.7

db:JVNid:JVNVU99696049

Trust: 0.8

db:JVNDBid:JVNDB-2014-003079

Trust: 0.8

db:CNNVDid:CNNVD-201407-038

Trust: 0.7

db:BIDid:68274

Trust: 0.3

db:VULHUBid:VHN-69296

Trust: 0.1

db:PACKETSTORMid:127306

Trust: 0.1

db:PACKETSTORMid:127308

Trust: 0.1

sources: VULHUB: VHN-69296 // BID: 68274 // JVNDB: JVNDB-2014-003079 // PACKETSTORM: 127306 // PACKETSTORM: 127308 // CNNVD: CNNVD-201407-038 // NVD: CVE-2014-1357

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html

Trust: 2.5

url:http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html

Trust: 2.5

url:http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html

Trust: 2.5

url:http://support.apple.com/kb/ht6296

Trust: 1.7

url:http://www.securitytracker.com/id/1030500

Trust: 1.7

url:http://secunia.com/advisories/59475

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1357

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99696049/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1357

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://support.apple.com/kb/ht1222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1357

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1356

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1358

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1355

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1361

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1359

Trust: 0.2

url:http://gpgtools.org

Trust: 0.2

url:http://support.apple.com/kb/ht6293

Trust: 0.1

url:http://support.apple.com/kb/ht6005.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0015

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1377

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1372

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1380

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1375

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1371

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1317

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1370

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1378

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1381

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1373

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1376

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1334

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1337

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1326

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1331

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1338

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1325

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1335

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1323

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1364

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1342

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1333

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1339

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1327

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2875

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1329

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1341

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1330

Trust: 0.1

sources: VULHUB: VHN-69296 // BID: 68274 // JVNDB: JVNDB-2014-003079 // PACKETSTORM: 127306 // PACKETSTORM: 127308 // CNNVD: CNNVD-201407-038 // NVD: CVE-2014-1357

CREDITS

cunzhang from Adlab of Venustech, Ian Beer of Google Project Zero and Thijs Alkemade of The Adium Project

Trust: 0.3

sources: BID: 68274

SOURCES

db:VULHUBid:VHN-69296
db:BIDid:68274
db:JVNDBid:JVNDB-2014-003079
db:PACKETSTORMid:127306
db:PACKETSTORMid:127308
db:CNNVDid:CNNVD-201407-038
db:NVDid:CVE-2014-1357

LAST UPDATE DATE

2025-04-13T20:28:31.545000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-69296date:2019-03-08T00:00:00
db:BIDid:68274date:2014-06-30T00:00:00
db:JVNDBid:JVNDB-2014-003079date:2014-07-09T00:00:00
db:CNNVDid:CNNVD-201407-038date:2019-03-13T00:00:00
db:NVDid:CVE-2014-1357date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-69296date:2014-07-01T00:00:00
db:BIDid:68274date:2014-06-30T00:00:00
db:JVNDBid:JVNDB-2014-003079date:2014-07-02T00:00:00
db:PACKETSTORMid:127306date:2014-07-01T01:03:32
db:PACKETSTORMid:127308date:2014-07-01T01:07:19
db:CNNVDid:CNNVD-201407-038date:2014-07-03T00:00:00
db:NVDid:CVE-2014-1357date:2014-07-01T10:17:26.563