Sign-up

ID

VAR-201507-0429


CVE

CVE-2015-3665


TITLE

Apple QuickTime of QT Media Foundation Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-003387

DESCRIPTION

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3669. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the properties for the QuickTime browser plugin. By manipulating a QuickTime object's properties an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.7 running on Windows 7 and Windows Vista are vulnerable. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3664 : Andrea Micalizzi (rgod) working with HP's Zero Day Initiative CVE-2015-3665 : WanderingGlitch of HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3669 : kdot working with HP's Zero Day Initiative QuickTime 7.7.7 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ You may also update to the latest version of QuickTime via Apple Software Update, which can be found in the Start menu. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJVkxVvAAoJEBcWfLTuOo7tuGoP/3oURL1tC5dv/+ZDKV/nI9Ug WOJoeVUIT662wG7JLEEnhS94VAlChogFcgXNIrms72ApocBMxj81NIsjIjJPqmbg 3UgOHVcA7xYCUTvm5Q3Cj4zZRJ14J47GLu3On1bLtpFPcQRsAyeMIwtbawt6vYoB qiQ7rYvtT02/SBXor0RojmIuo4kMZz2twpjZHGf5aOu/0CzuzA/TPJ1FRALWmvGx rIy4bS0QPqbzg7A/TT+1X9e7pCdY/Hmn3GMFBk3cX0cLfQN8XHxMU/JJ8ja7vbl4 LfB9xuy6CJL9S1w6W/U5/4WVb5k5AXb9mF1KsfxffBGZnOqLxMGWlbr9holSBRfh /BRbaLhNG9DQ9DMO9i7sjdFs3uVM9U3M0G/0TPed2+S8WBOgac+x9OCpM3u9aOjP 3nWiA4WDsurl8DFdZwt5mAi+OoocYQARS4g+JghVkBZ982MXGeisamqyec3BQVzs i75lzDBPp6pW+TJj0GlEFTa2qf/n3YsL5au6RubFHb62qNq7SmmNj0GmBVddZIDd I3TZ72sqievGv0UMMzYhIWeZCUJmSpsr2tJ9pkdH8SkmsEClGJHtwOscevQIhqPz WfhRPgPmGE/0QBtDHRciVWxJ9jfH4AG79+69FqEE1QIew/+/hZcK0IJyttqOVli7 3l2PXTYo9ZOODysgzAFn =Srvg -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2015-3665 // JVNDB: JVNDB-2015-003387 // ZDI: ZDI-15-276 // BID: 75498 // VULHUB: VHN-81626 // PACKETSTORM: 132528

AFFECTED PRODUCTS

vendor:applemodel:quicktimescope:lteversion:7.7.6

Trust: 1.0

vendor:applemodel:quicktimescope:ltversion:7.7.7 (windows 7)

Trust: 0.8

vendor:applemodel:quicktimescope:ltversion:7.7.7 (windows vista)

Trust: 0.8

vendor:applemodel:quicktimescope: - version: -

Trust: 0.7

vendor:applemodel:quicktimescope:eqversion:7.7.6

Trust: 0.6

vendor:applemodel:quicktimescope:eqversion:7.6

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.3.4

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.2

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7

Trust: 0.3

sources: ZDI: ZDI-15-276 // BID: 75498 // JVNDB: JVNDB-2015-003387 // CNNVD: CNNVD-201507-027 // NVD: CVE-2015-3665

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3665
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3665
value: MEDIUM

Trust: 0.8

ZDI: CVE-2015-3665
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201507-027
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81626
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3665
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

VULHUB: VHN-81626
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-15-276 // VULHUB: VHN-81626 // JVNDB: JVNDB-2015-003387 // CNNVD: CNNVD-201507-027 // NVD: CVE-2015-3665

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-81626 // JVNDB: JVNDB-2015-003387 // NVD: CVE-2015-3665

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-027

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201507-027

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003387

PATCH
title:APPLE-SA-2015-06-30-5 QuickTime 7.7.7url:http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html
Trust: 0.8
title:HT204947url:http://support.apple.com/en-us/HT204947
Trust: 0.8
title:HT204947url:http://support.apple.com/ja-jp/HT204947
Trust: 0.8
title:Apple has issued an update to correct this vulnerability.url:http://support.apple.com/kb/HT201222
Trust: 0.7
sources:
            
            
            ZDI: ZDI-15-276 // 
            
            
            
            JVNDB: JVNDB-2015-003387

EXTERNAL IDS
db:NVDid:CVE-2015-3665
Trust: 3.6
db:BIDid:75498
Trust: 1.4
db:SECTRACKid:1032756
Trust: 1.1
db:JVNDBid:JVNDB-2015-003387
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-2574
Trust: 0.7
db:ZDIid:ZDI-15-276
Trust: 0.7
db:CNNVDid:CNNVD-201507-027
Trust: 0.7
db:VULHUBid:VHN-81626
Trust: 0.1
db:PACKETSTORMid:132528
Trust: 0.1
sources:
            
            
            ZDI: ZDI-15-276 // 
            
            
            
            VULHUB: VHN-81626 // 
            
            
            
            BID: 75498 // 
            
            
            
            JVNDB: JVNDB-2015-003387 // 
            
            
            
            PACKETSTORM: 132528 // 
            
            
            
            CNNVD: CNNVD-201507-027 // 
            
            
            
            NVD: CVE-2015-3665

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/jun/msg00005.html
Trust: 1.7
url:http://support.apple.com/kb/ht204947
Trust: 1.7
url:http://www.securityfocus.com/bid/75498
Trust: 1.1
url:http://www.securitytracker.com/id/1032756
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3665
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3665
Trust: 0.8
url:http://support.apple.com/kb/ht201222
Trust: 0.7
url:http://www.apple.com/quicktime/
Trust: 0.3
url:http://www.apple.com/quicktime/download/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3661
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3662
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3666
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3663
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3665
Trust: 0.1
url:http://support.apple.com/kb/ht1222
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3668
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3669
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3664
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3667
Trust: 0.1
sources:
            
            
            ZDI: ZDI-15-276 // 
            
            
            
            VULHUB: VHN-81626 // 
            
            
            
            BID: 75498 // 
            
            
            
            JVNDB: JVNDB-2015-003387 // 
            
            
            
            PACKETSTORM: 132528 // 
            
            
            
            CNNVD: CNNVD-201507-027 // 
            
            
            
            NVD: CVE-2015-3665

CREDITS
WanderingGlitch of HP's Zero Day Initiative
Trust: 1.0
sources:
            
            
            ZDI: ZDI-15-276 // 
            
            
            
            BID: 75498

SOURCES
db:ZDIid:ZDI-15-276
db:VULHUBid:VHN-81626
db:BIDid:75498
db:JVNDBid:JVNDB-2015-003387
db:PACKETSTORMid:132528
db:CNNVDid:CNNVD-201507-027
db:NVDid:CVE-2015-3665

LAST UPDATE DATE
2025-04-13T21:05:05.362000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-15-276date:2015-07-01T00:00:00
db:VULHUBid:VHN-81626date:2016-12-28T00:00:00
db:BIDid:75498date:2015-07-15T00:57:00
db:JVNDBid:JVNDB-2015-003387date:2015-07-07T00:00:00
db:CNNVDid:CNNVD-201507-027date:2015-07-10T00:00:00
db:NVDid:CVE-2015-3665date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:ZDIid:ZDI-15-276date:2015-07-01T00:00:00
db:VULHUBid:VHN-81626date:2015-07-03T00:00:00
db:BIDid:75498date:2015-07-01T00:00:00
db:JVNDBid:JVNDB-2015-003387date:2015-07-07T00:00:00
db:PACKETSTORMid:132528date:2015-07-02T11:11:11
db:CNNVDid:CNNVD-201507-027date:2015-07-03T00:00:00
db:NVDid:CVE-2015-3665date:2015-07-03T01:59:23.993