Sign-up

ID

VAR-201507-0410


CVE

CVE-2015-3716


TITLE

Apple OS X of Spotlight Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-003405

DESCRIPTION

Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. The update addresses new vulnerabilities that affect Admin Framework, afpserver, apache, AppleGraphicsControl, AppleFSCompression, AppleThunderboltEDMService, ATS, Bluetooth, Display Drivers, Intel Graphics Driver, IOAcceleratorFamily, IOFireWireFamily, Kernel, Install Framework Legacy, kext tools, ntfs, QuickTime, Security, Spotlight, and System Stats components. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.10.4. Spotlight is one of the components that can quickly retrieve the entire system (including files, emails, contacts, etc.) in the input box

Trust: 2.07

sources: NVD: CVE-2015-3716 // JVNDB: JVNDB-2015-003405 // BID: 75493 // VULHUB: VHN-81677 // VULMON: CVE-2015-3716

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10 to 10.10.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.8.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.3

Trust: 0.6

vendor:applemodel:quicktimescope:eqversion:7.6

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.3.4

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.2

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7

Trust: 0.3

sources: BID: 75493 // JVNDB: JVNDB-2015-003405 // CNNVD: CNNVD-201507-077 // NVD: CVE-2015-3716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3716
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3716
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-077
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81677
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-3716
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3716
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81677
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81677 // VULMON: CVE-2015-3716 // JVNDB: JVNDB-2015-003405 // CNNVD: CNNVD-201507-077 // NVD: CVE-2015-3716

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-81677 // JVNDB: JVNDB-2015-003405 // NVD: CVE-2015-3716

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201507-077

TYPE

Unknown

Trust: 0.3

sources: BID: 75493

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003405

PATCH
title:APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005url:http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
Trust: 0.8
title:HT204942url:http://support.apple.com/en-us/HT204942
Trust: 0.8
title:HT204942url:http://support.apple.com/ja-jp/HT204942
Trust: 0.8
title:quicktime7.7.7_installerurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517
Trust: 0.6
title:osxupd10.10.4url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516
Trust: 0.6
title:iPhone7,1_8.4_12H143_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515
Trust: 0.6
title:Apple: OS X Yosemite v10.10.4 and Security Update 2015-005url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50398602701d671602946005c7864211
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-3716 // 
            
            
            
            JVNDB: JVNDB-2015-003405 // 
            
            
            
            CNNVD: CNNVD-201507-077

EXTERNAL IDS
db:NVDid:CVE-2015-3716
Trust: 2.9
db:BIDid:75493
Trust: 1.5
db:SECTRACKid:1032760
Trust: 1.2
db:JVNDBid:JVNDB-2015-003405
Trust: 0.8
db:CNNVDid:CNNVD-201507-077
Trust: 0.7
db:VULHUBid:VHN-81677
Trust: 0.1
db:VULMONid:CVE-2015-3716
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81677 // 
            
            
            
            VULMON: CVE-2015-3716 // 
            
            
            
            BID: 75493 // 
            
            
            
            JVNDB: JVNDB-2015-003405 // 
            
            
            
            CNNVD: CNNVD-201507-077 // 
            
            
            
            NVD: CVE-2015-3716

REFERENCES
url:http://support.apple.com/kb/ht204942
Trust: 1.9
url:http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html
Trust: 1.8
url:http://www.securityfocus.com/bid/75493
Trust: 1.2
url:http://www.securitytracker.com/id/1032760
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3716
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3716
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/77.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/apple-osx-adminframework-cve-2015-3718
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39581
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81677 // 
            
            
            
            VULMON: CVE-2015-3716 // 
            
            
            
            BID: 75493 // 
            
            
            
            JVNDB: JVNDB-2015-003405 // 
            
            
            
            CNNVD: CNNVD-201507-077 // 
            
            
            
            NVD: CVE-2015-3716

CREDITS
Emil Kvarnhammar at TrueSec, Patrick Wardle of Synack, Dean Jerkovich of NCC Group, Apple, Chen Liang of KEEN Team, an anonymous researcher working with HP's Zero Day Initiative, Pawel Wylecial working with HP's Zero Day Initiative, John Villamil (@day6rea
Trust: 0.3
sources:
            
            
            BID: 75493

SOURCES
db:VULHUBid:VHN-81677
db:VULMONid:CVE-2015-3716
db:BIDid:75493
db:JVNDBid:JVNDB-2015-003405
db:CNNVDid:CNNVD-201507-077
db:NVDid:CVE-2015-3716

LAST UPDATE DATE
2025-04-13T19:55:21.824000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81677date:2017-09-22T00:00:00
db:VULMONid:CVE-2015-3716date:2017-09-22T00:00:00
db:BIDid:75493date:2015-07-15T00:57:00
db:JVNDBid:JVNDB-2015-003405date:2015-07-08T00:00:00
db:CNNVDid:CNNVD-201507-077date:2015-07-03T00:00:00
db:NVDid:CVE-2015-3716date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-81677date:2015-07-03T00:00:00
db:VULMONid:CVE-2015-3716date:2015-07-03T00:00:00
db:BIDid:75493date:2015-06-30T00:00:00
db:JVNDBid:JVNDB-2015-003405date:2015-07-08T00:00:00
db:CNNVDid:CNNVD-201507-077date:2015-07-03T00:00:00
db:NVDid:CVE-2015-3716date:2015-07-03T02:00:08.103