Details of VAR-201507-0407

ID

VAR-201507-0407

CVE

CVE-2015-3713

TITLE

Apple OS X of QuickTime Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-003408

DESCRIPTION

QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Admin Framework, afpserver, apache, AppleGraphicsControl, AppleFSCompression, AppleThunderboltEDMService, ATS, Bluetooth, Display Drivers, Intel Graphics Driver, IOAcceleratorFamily, IOFireWireFamily, Kernel, Install Framework Legacy, kext tools, ntfs, QuickTime, Security, Spotlight, and System Stats components. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.10.4. QuickTime is one of the multimedia playback components

Trust: 2.07

sources: NVD: CVE-2015-3713 // JVNDB: JVNDB-2015-003408 // BID: 75493 // VULHUB: VHN-81674 // VULMON: CVE-2015-3713

AFFECTED PRODUCTS

vendor:	apple	model:	quicktime	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10 to 10.10.3	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 0.8
vendor:	apple	model:	quicktime	scope:	lt	version:	7.7.7 (windows 7)	Trust: 0.8
vendor:	apple	model:	quicktime	scope:	lt	version:	7.7.7 (windows vista)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.3	Trust: 0.6
vendor:	apple	model:	quicktime	scope:	-	version:	-	Trust: 0.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.4	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7	Trust: 0.3

sources: BID: 75493 // JVNDB: JVNDB-2015-003408 // CNNVD: CNNVD-201507-074 // NVD: CVE-2015-3713

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3713
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3713
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201507-074
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81674
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-3713
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3713
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-81674
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81674 // VULMON: CVE-2015-3713 // JVNDB: JVNDB-2015-003408 // CNNVD: CNNVD-201507-074 // NVD: CVE-2015-3713

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-81674 // JVNDB: JVNDB-2015-003408 // NVD: CVE-2015-3713

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-074

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201507-074

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003408

PATCH

title:	APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005	url:	http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html	Trust: 0.8
title:	APPLE-SA-2015-06-30-5 QuickTime 7.7.7	url:	http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html	Trust: 0.8
title:	HT204942	url:	http://support.apple.com/en-us/HT204942	Trust: 0.8
title:	HT204947	url:	https://support.apple.com/en-us/HT204947	Trust: 0.8
title:	HT204942	url:	http://support.apple.com/ja-jp/HT204942	Trust: 0.8
title:	HT204947	url:	https://support.apple.com/ja-jp/HT204947	Trust: 0.8
title:	quicktime7.7.7_installer	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517	Trust: 0.6
title:	osxupd10.10.4	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516	Trust: 0.6
title:	iPhone7,1_8.4_12H143_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515	Trust: 0.6
title:	Apple: OS X Yosemite v10.10.4 and Security Update 2015-005	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50398602701d671602946005c7864211	Trust: 0.1

sources: VULMON: CVE-2015-3713 // JVNDB: JVNDB-2015-003408 // CNNVD: CNNVD-201507-074

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3713	Trust: 2.9
db:	BID	id:	75493	Trust: 1.5
db:	SECTRACK	id:	1032757	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-003408	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-074	Trust: 0.7
db:	VULHUB	id:	VHN-81674	Trust: 0.1
db:	VULMON	id:	CVE-2015-3713	Trust: 0.1

sources: VULHUB: VHN-81674 // VULMON: CVE-2015-3713 // BID: 75493 // JVNDB: JVNDB-2015-003408 // CNNVD: CNNVD-201507-074 // NVD: CVE-2015-3713

REFERENCES

url:	http://support.apple.com/kb/ht204942	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/75493	Trust: 1.2
url:	http://www.securitytracker.com/id/1032757	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3713	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3713	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-adminframework-cve-2015-3718	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39581	Trust: 0.1

sources: VULHUB: VHN-81674 // VULMON: CVE-2015-3713 // BID: 75493 // JVNDB: JVNDB-2015-003408 // CNNVD: CNNVD-201507-074 // NVD: CVE-2015-3713

CREDITS

Emil Kvarnhammar at TrueSec, Patrick Wardle of Synack, Dean Jerkovich of NCC Group, Apple, Chen Liang of KEEN Team, an anonymous researcher working with HP's Zero Day Initiative, Pawel Wylecial working with HP's Zero Day Initiative, John Villamil (@day6rea

Trust: 0.3

sources: BID: 75493

SOURCES

db:	VULHUB	id:	VHN-81674
db:	VULMON	id:	CVE-2015-3713
db:	BID	id:	75493
db:	JVNDB	id:	JVNDB-2015-003408
db:	CNNVD	id:	CNNVD-201507-074
db:	NVD	id:	CVE-2015-3713

LAST UPDATE DATE

2025-04-13T19:45:13.492000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81674	date:	2016-12-30T00:00:00
db:	VULMON	id:	CVE-2015-3713	date:	2016-12-30T00:00:00
db:	BID	id:	75493	date:	2015-07-15T00:57:00
db:	JVNDB	id:	JVNDB-2015-003408	date:	2015-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201507-074	date:	2015-07-10T00:00:00
db:	NVD	id:	CVE-2015-3713	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81674	date:	2015-07-03T00:00:00
db:	VULMON	id:	CVE-2015-3713	date:	2015-07-03T00:00:00
db:	BID	id:	75493	date:	2015-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2015-003408	date:	2015-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201507-074	date:	2015-07-03T00:00:00
db:	NVD	id:	CVE-2015-3713	date:	2015-07-03T02:00:05.650