Details of VAR-201507-0443

ID

VAR-201507-0443

CVE

CVE-2015-3680

TITLE

Apple OS X of Apple Type Services Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-003379

DESCRIPTION

Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of data fork font suitcase files. The issue lies in the parsing of the 'FOND' table. An attacker can leverage this vulnerability to execute code under the context of the current user. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Admin Framework, afpserver, apache, AppleGraphicsControl, AppleFSCompression, AppleThunderboltEDMService, ATS, Bluetooth, Display Drivers, Intel Graphics Driver, IOAcceleratorFamily, IOFireWireFamily, Kernel, Install Framework Legacy, kext tools, ntfs, QuickTime, Security, Spotlight, and System Stats components. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.10.4

Trust: 2.7

sources: NVD: CVE-2015-3680 // JVNDB: JVNDB-2015-003379 // ZDI: ZDI-15-284 // BID: 75493 // VULHUB: VHN-81641 // VULMON: CVE-2015-3680

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10 to 10.10.3	Trust: 0.8
vendor:	apple	model:	os x	scope:	-	version:	-	Trust: 0.7
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.3	Trust: 0.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.4	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7	Trust: 0.3

sources: ZDI: ZDI-15-284 // BID: 75493 // JVNDB: JVNDB-2015-003379 // CNNVD: CNNVD-201507-041 // NVD: CVE-2015-3680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3680
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3680
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2015-3680
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201507-041
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81641
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-3680
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3680
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.6
VULHUB:	VHN-81641
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZDI: ZDI-15-284 // VULHUB: VHN-81641 // VULMON: CVE-2015-3680 // JVNDB: JVNDB-2015-003379 // CNNVD: CNNVD-201507-041 // NVD: CVE-2015-3680

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-81641 // JVNDB: JVNDB-2015-003379 // NVD: CVE-2015-3680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-041

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201507-041

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003379

PATCH

title:	APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005	url:	http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html	Trust: 0.8
title:	HT204942	url:	http://support.apple.com/en-us/HT204942	Trust: 0.8
title:	HT204942	url:	http://support.apple.com/ja-jp/HT204942	Trust: 0.8
title:	Apple has issued an update to correct this vulnerability.	url:	http://support.apple.com/kb/HT201222	Trust: 0.7
title:	quicktime7.7.7_installer	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517	Trust: 0.6
title:	osxupd10.10.4	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516	Trust: 0.6
title:	iPhone7,1_8.4_12H143_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515	Trust: 0.6
title:	Apple: OS X Yosemite v10.10.4 and Security Update 2015-005	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50398602701d671602946005c7864211	Trust: 0.1

sources: ZDI: ZDI-15-284 // VULMON: CVE-2015-3680 // JVNDB: JVNDB-2015-003379 // CNNVD: CNNVD-201507-041

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3680	Trust: 3.6
db:	BID	id:	75493	Trust: 1.5
db:	SECTRACK	id:	1032760	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-003379	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2781	Trust: 0.7
db:	ZDI	id:	ZDI-15-284	Trust: 0.7
db:	CNNVD	id:	CNNVD-201507-041	Trust: 0.7
db:	VULHUB	id:	VHN-81641	Trust: 0.1
db:	VULMON	id:	CVE-2015-3680	Trust: 0.1

sources: ZDI: ZDI-15-284 // VULHUB: VHN-81641 // VULMON: CVE-2015-3680 // BID: 75493 // JVNDB: JVNDB-2015-003379 // CNNVD: CNNVD-201507-041 // NVD: CVE-2015-3680

REFERENCES

url:	http://support.apple.com/kb/ht204942	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/75493	Trust: 1.2
url:	http://www.securitytracker.com/id/1032760	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3680	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3680	Trust: 0.8
url:	http://support.apple.com/kb/ht201222	Trust: 0.7
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-adminframework-cve-2015-3718	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39581	Trust: 0.1

sources: ZDI: ZDI-15-284 // VULHUB: VHN-81641 // VULMON: CVE-2015-3680 // BID: 75493 // JVNDB: JVNDB-2015-003379 // CNNVD: CNNVD-201507-041 // NVD: CVE-2015-3680

CREDITS

Pawel Wylecial

Trust: 0.7

sources: ZDI: ZDI-15-284

SOURCES

db:	ZDI	id:	ZDI-15-284
db:	VULHUB	id:	VHN-81641
db:	VULMON	id:	CVE-2015-3680
db:	BID	id:	75493
db:	JVNDB	id:	JVNDB-2015-003379
db:	CNNVD	id:	CNNVD-201507-041
db:	NVD	id:	CVE-2015-3680

LAST UPDATE DATE

2025-04-13T22:01:33.463000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-284	date:	2015-07-01T00:00:00
db:	VULHUB	id:	VHN-81641	date:	2017-09-22T00:00:00
db:	VULMON	id:	CVE-2015-3680	date:	2017-09-22T00:00:00
db:	BID	id:	75493	date:	2015-07-15T00:57:00
db:	JVNDB	id:	JVNDB-2015-003379	date:	2015-07-07T00:00:00
db:	CNNVD	id:	CNNVD-201507-041	date:	2015-07-10T00:00:00
db:	NVD	id:	CVE-2015-3680	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-15-284	date:	2015-07-01T00:00:00
db:	VULHUB	id:	VHN-81641	date:	2015-07-03T00:00:00
db:	VULMON	id:	CVE-2015-3680	date:	2015-07-03T00:00:00
db:	BID	id:	75493	date:	2015-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2015-003379	date:	2015-07-07T00:00:00
db:	CNNVD	id:	CNNVD-201507-041	date:	2015-07-03T00:00:00
db:	NVD	id:	CVE-2015-3680	date:	2015-07-03T01:59:36.150