Details of VAR-201507-0428

ID

VAR-201507-0428

CVE

CVE-2015-3664

TITLE

Apple QuickTime of QT Media Foundation Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-003386

DESCRIPTION

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3665 and CVE-2015-3669. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the alis atom. By providing a malformed alis atom, an attacker is able to cause QuickTime to overflow a stack buffer and execute arbitrary code in the context of the QuickTime process. Apple QuickTime is prone to a stack-based buffer-overflow vulnerability. Failed attempts will likely cause a denial-of-service condition. The title has been changed to better reflect the underlying component affected. Versions prior to QuickTime 7.7.7 running on Windows 7 and Windows Vista are vulnerable. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3664 : Andrea Micalizzi (rgod) working with HP's Zero Day Initiative CVE-2015-3665 : WanderingGlitch of HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3669 : kdot working with HP's Zero Day Initiative QuickTime 7.7.7 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ You may also update to the latest version of QuickTime via Apple Software Update, which can be found in the Start menu. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJVkxVvAAoJEBcWfLTuOo7tuGoP/3oURL1tC5dv/+ZDKV/nI9Ug WOJoeVUIT662wG7JLEEnhS94VAlChogFcgXNIrms72ApocBMxj81NIsjIjJPqmbg 3UgOHVcA7xYCUTvm5Q3Cj4zZRJ14J47GLu3On1bLtpFPcQRsAyeMIwtbawt6vYoB qiQ7rYvtT02/SBXor0RojmIuo4kMZz2twpjZHGf5aOu/0CzuzA/TPJ1FRALWmvGx rIy4bS0QPqbzg7A/TT+1X9e7pCdY/Hmn3GMFBk3cX0cLfQN8XHxMU/JJ8ja7vbl4 LfB9xuy6CJL9S1w6W/U5/4WVb5k5AXb9mF1KsfxffBGZnOqLxMGWlbr9holSBRfh /BRbaLhNG9DQ9DMO9i7sjdFs3uVM9U3M0G/0TPed2+S8WBOgac+x9OCpM3u9aOjP 3nWiA4WDsurl8DFdZwt5mAi+OoocYQARS4g+JghVkBZ982MXGeisamqyec3BQVzs i75lzDBPp6pW+TJj0GlEFTa2qf/n3YsL5au6RubFHb62qNq7SmmNj0GmBVddZIDd I3TZ72sqievGv0UMMzYhIWeZCUJmSpsr2tJ9pkdH8SkmsEClGJHtwOscevQIhqPz WfhRPgPmGE/0QBtDHRciVWxJ9jfH4AG79+69FqEE1QIew/+/hZcK0IJyttqOVli7 3l2PXTYo9ZOODysgzAFn =Srvg -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2015-3664 // JVNDB: JVNDB-2015-003386 // ZDI: ZDI-15-278 // BID: 75499 // VULHUB: VHN-81625 // PACKETSTORM: 132528

AFFECTED PRODUCTS

vendor:	apple	model:	quicktime	scope:	lte	version:	7.7.6	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	lt	version:	7.7.7 (windows 7)	Trust: 0.8
vendor:	apple	model:	quicktime	scope:	lt	version:	7.7.7 (windows vista)	Trust: 0.8
vendor:	apple	model:	quicktime	scope:	-	version:	-	Trust: 0.7
vendor:	apple	model:	quicktime	scope:	eq	version:	7.7.6	Trust: 0.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.4	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7	Trust: 0.3

sources: ZDI: ZDI-15-278 // BID: 75499 // JVNDB: JVNDB-2015-003386 // CNNVD: CNNVD-201507-026 // NVD: CVE-2015-3664

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3664
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3664
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2015-3664
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201507-026
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81625
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3664
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2015-3664
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-81625
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZDI: ZDI-15-278 // VULHUB: VHN-81625 // JVNDB: JVNDB-2015-003386 // CNNVD: CNNVD-201507-026 // NVD: CVE-2015-3664

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-81625 // JVNDB: JVNDB-2015-003386 // NVD: CVE-2015-3664

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-026

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201507-026

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003386

PATCH

title:	APPLE-SA-2015-06-30-5 QuickTime 7.7.7	url:	http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html	Trust: 0.8
title:	HT204947	url:	http://support.apple.com/en-us/HT204947	Trust: 0.8
title:	HT204947	url:	http://support.apple.com/ja-jp/HT204947	Trust: 0.8
title:	Apple has issued an update to correct this vulnerability.	url:	http://support.apple.com/kb/HT1222	Trust: 0.7
title:	quicktime7.7.7_installer	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517	Trust: 0.6
title:	osxupd10.10.4	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516	Trust: 0.6
title:	iPhone7,1_8.4_12H143_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515	Trust: 0.6

sources: ZDI: ZDI-15-278 // JVNDB: JVNDB-2015-003386 // CNNVD: CNNVD-201507-026

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3664	Trust: 3.6
db:	BID	id:	75499	Trust: 1.4
db:	SECTRACK	id:	1032756	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003386	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2700	Trust: 0.7
db:	ZDI	id:	ZDI-15-278	Trust: 0.7
db:	CNNVD	id:	CNNVD-201507-026	Trust: 0.7
db:	VULHUB	id:	VHN-81625	Trust: 0.1
db:	PACKETSTORM	id:	132528	Trust: 0.1

sources: ZDI: ZDI-15-278 // VULHUB: VHN-81625 // BID: 75499 // JVNDB: JVNDB-2015-003386 // PACKETSTORM: 132528 // CNNVD: CNNVD-201507-026 // NVD: CVE-2015-3664

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/jun/msg00005.html	Trust: 1.7
url:	http://support.apple.com/kb/ht204947	Trust: 1.7
url:	http://www.securityfocus.com/bid/75499	Trust: 1.1
url:	http://www.securitytracker.com/id/1032756	Trust: 1.1
url:	http://support.apple.com/kb/ht1222	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3664	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3664	Trust: 0.8
url:	http://www.apple.com/quicktime/	Trust: 0.3
url:	http://www.apple.com/quicktime/download/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3661	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3662	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3666	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3663	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3665	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3668	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3669	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3664	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3667	Trust: 0.1

sources: ZDI: ZDI-15-278 // VULHUB: VHN-81625 // BID: 75499 // JVNDB: JVNDB-2015-003386 // PACKETSTORM: 132528 // CNNVD: CNNVD-201507-026 // NVD: CVE-2015-3664

CREDITS

Andrea Micalizzi (rgod)

Trust: 0.7

sources: ZDI: ZDI-15-278

SOURCES

db:	ZDI	id:	ZDI-15-278
db:	VULHUB	id:	VHN-81625
db:	BID	id:	75499
db:	JVNDB	id:	JVNDB-2015-003386
db:	PACKETSTORM	id:	132528
db:	CNNVD	id:	CNNVD-201507-026
db:	NVD	id:	CVE-2015-3664

LAST UPDATE DATE

2025-04-13T20:15:39.624000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-278	date:	2015-07-01T00:00:00
db:	VULHUB	id:	VHN-81625	date:	2016-12-28T00:00:00
db:	BID	id:	75499	date:	2015-07-15T00:52:00
db:	JVNDB	id:	JVNDB-2015-003386	date:	2015-07-07T00:00:00
db:	CNNVD	id:	CNNVD-201507-026	date:	2015-07-10T00:00:00
db:	NVD	id:	CVE-2015-3664	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-15-278	date:	2015-07-01T00:00:00
db:	VULHUB	id:	VHN-81625	date:	2015-07-03T00:00:00
db:	BID	id:	75499	date:	2015-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-003386	date:	2015-07-07T00:00:00
db:	PACKETSTORM	id:	132528	date:	2015-07-02T11:11:11
db:	CNNVD	id:	CNNVD-201507-026	date:	2015-07-03T00:00:00
db:	NVD	id:	CVE-2015-3664	date:	2015-07-03T01:59:23.150