Sign-up

ID

VAR-201507-0454


CVE

CVE-2015-3691


TITLE

Apple OS X of Display Drivers Subsystem Monitor Control Command Set Kernel extension vulnerable to arbitrary code execution in privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2015-003424

DESCRIPTION

The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Admin Framework, afpserver, apache, AppleGraphicsControl, AppleFSCompression, AppleThunderboltEDMService, ATS, Bluetooth, Display Drivers, Intel Graphics Driver, IOAcceleratorFamily, IOFireWireFamily, Kernel, Install Framework Legacy, kext tools, ntfs, QuickTime, Security, Spotlight, and System Stats components. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.10.4

Trust: 2.07

sources: NVD: CVE-2015-3691 // JVNDB: JVNDB-2015-003424 // BID: 75493 // VULHUB: VHN-81652 // VULMON: CVE-2015-3691

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10 to 10.10.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.3

Trust: 0.6

vendor:applemodel:quicktimescope:eqversion:7.6

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.3.4

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.2

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7

Trust: 0.3

sources: BID: 75493 // JVNDB: JVNDB-2015-003424 // CNNVD: CNNVD-201507-052 // NVD: CVE-2015-3691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3691
value: HIGH

Trust: 1.0

NVD: CVE-2015-3691
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201507-052
value: CRITICAL

Trust: 0.6

VULHUB: VHN-81652
value: HIGH

Trust: 0.1

VULMON: CVE-2015-3691
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3691
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81652
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81652 // VULMON: CVE-2015-3691 // JVNDB: JVNDB-2015-003424 // CNNVD: CNNVD-201507-052 // NVD: CVE-2015-3691

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-81652 // JVNDB: JVNDB-2015-003424 // NVD: CVE-2015-3691

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-052

TYPE

Unknown

Trust: 0.3

sources: BID: 75493

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003424

PATCH
title:APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005url:http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
Trust: 0.8
title:HT204942url:http://support.apple.com/en-us/HT204942
Trust: 0.8
title:HT204942url:http://support.apple.com/ja-jp/HT204942
Trust: 0.8
title:quicktime7.7.7_installerurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517
Trust: 0.6
title:osxupd10.10.4url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516
Trust: 0.6
title:iPhone7,1_8.4_12H143_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515
Trust: 0.6
title:Apple: OS X Yosemite v10.10.4 and Security Update 2015-005url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50398602701d671602946005c7864211
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-3691 // 
            
            
            
            JVNDB: JVNDB-2015-003424 // 
            
            
            
            CNNVD: CNNVD-201507-052

EXTERNAL IDS
db:NVDid:CVE-2015-3691
Trust: 2.9
db:BIDid:75493
Trust: 1.5
db:SECTRACKid:1032760
Trust: 1.2
db:JVNDBid:JVNDB-2015-003424
Trust: 0.8
db:CNNVDid:CNNVD-201507-052
Trust: 0.7
db:VULHUBid:VHN-81652
Trust: 0.1
db:VULMONid:CVE-2015-3691
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81652 // 
            
            
            
            VULMON: CVE-2015-3691 // 
            
            
            
            BID: 75493 // 
            
            
            
            JVNDB: JVNDB-2015-003424 // 
            
            
            
            CNNVD: CNNVD-201507-052 // 
            
            
            
            NVD: CVE-2015-3691

REFERENCES
url:http://support.apple.com/kb/ht204942
Trust: 1.9
url:http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html
Trust: 1.8
url:http://www.securityfocus.com/bid/75493
Trust: 1.2
url:http://www.securitytracker.com/id/1032760
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3691
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3691
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/284.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/apple-osx-adminframework-cve-2015-3718
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39581
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81652 // 
            
            
            
            VULMON: CVE-2015-3691 // 
            
            
            
            BID: 75493 // 
            
            
            
            JVNDB: JVNDB-2015-003424 // 
            
            
            
            CNNVD: CNNVD-201507-052 // 
            
            
            
            NVD: CVE-2015-3691

CREDITS
Emil Kvarnhammar at TrueSec, Patrick Wardle of Synack, Dean Jerkovich of NCC Group, Apple, Chen Liang of KEEN Team, an anonymous researcher working with HP's Zero Day Initiative, Pawel Wylecial working with HP's Zero Day Initiative, John Villamil (@day6rea
Trust: 0.3
sources:
            
            
            BID: 75493

SOURCES
db:VULHUBid:VHN-81652
db:VULMONid:CVE-2015-3691
db:BIDid:75493
db:JVNDBid:JVNDB-2015-003424
db:CNNVDid:CNNVD-201507-052
db:NVDid:CVE-2015-3691

LAST UPDATE DATE
2025-04-13T22:54:40.003000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81652date:2017-09-22T00:00:00
db:VULMONid:CVE-2015-3691date:2017-09-22T00:00:00
db:BIDid:75493date:2015-07-15T00:57:00
db:JVNDBid:JVNDB-2015-003424date:2015-07-08T00:00:00
db:CNNVDid:CNNVD-201507-052date:2015-07-03T00:00:00
db:NVDid:CVE-2015-3691date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-81652date:2015-07-03T00:00:00
db:VULMONid:CVE-2015-3691date:2015-07-03T00:00:00
db:BIDid:75493date:2015-06-30T00:00:00
db:JVNDBid:JVNDB-2015-003424date:2015-07-08T00:00:00
db:CNNVDid:CNNVD-201507-052date:2015-07-03T00:00:00
db:NVDid:CVE-2015-3691date:2015-07-03T01:59:45.900