Sign-up

ID

VAR-201507-0458


CVE

CVE-2015-3695


TITLE

Apple OS X of Intel Graphics Driver Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2015-003419

DESCRIPTION

Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. This vulnerability is CVE-2015-3696 , CVE-2015-3697 , CVE-2015-3698 , CVE-2015-3699 , CVE-2015-3700 , CVE-2015-3701 ,and CVE-2015-3702 This is a different vulnerability.Local users may be able to gain privileges. The update addresses new vulnerabilities that affect Admin Framework, afpserver, apache, AppleGraphicsControl, AppleFSCompression, AppleThunderboltEDMService, ATS, Bluetooth, Display Drivers, Intel Graphics Driver, IOAcceleratorFamily, IOFireWireFamily, Kernel, Install Framework Legacy, kext tools, ntfs, QuickTime, Security, Spotlight, and System Stats components. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.10.4. Intel Graphics Driver is one of the graphics card drivers

Trust: 2.07

sources: NVD: CVE-2015-3695 // JVNDB: JVNDB-2015-003419 // BID: 75493 // VULHUB: VHN-81656 // VULMON: CVE-2015-3695

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10 to 10.10.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.8.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.3

Trust: 0.6

vendor:applemodel:quicktimescope:eqversion:7.6

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.3.4

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.2

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7

Trust: 0.3

sources: BID: 75493 // JVNDB: JVNDB-2015-003419 // CNNVD: CNNVD-201507-056 // NVD: CVE-2015-3695

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3695
value: HIGH

Trust: 1.0

NVD: CVE-2015-3695
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201507-056
value: HIGH

Trust: 0.6

VULHUB: VHN-81656
value: HIGH

Trust: 0.1

VULMON: CVE-2015-3695
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3695
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81656
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81656 // VULMON: CVE-2015-3695 // JVNDB: JVNDB-2015-003419 // CNNVD: CNNVD-201507-056 // NVD: CVE-2015-3695

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-81656 // JVNDB: JVNDB-2015-003419 // NVD: CVE-2015-3695

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201507-056

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201507-056

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003419

PATCH
title:APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005url:http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
Trust: 0.8
title:HT204942url:http://support.apple.com/en-us/HT204942
Trust: 0.8
title:HT204942url:http://support.apple.com/ja-jp/HT204942
Trust: 0.8
title:quicktime7.7.7_installerurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517
Trust: 0.6
title:osxupd10.10.4url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516
Trust: 0.6
title:iPhone7,1_8.4_12H143_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515
Trust: 0.6
title:Apple: OS X Yosemite v10.10.4 and Security Update 2015-005url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50398602701d671602946005c7864211
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-3695 // 
            
            
            
            JVNDB: JVNDB-2015-003419 // 
            
            
            
            CNNVD: CNNVD-201507-056

EXTERNAL IDS
db:NVDid:CVE-2015-3695
Trust: 2.9
db:BIDid:75493
Trust: 1.5
db:SECTRACKid:1032760
Trust: 1.2
db:JVNDBid:JVNDB-2015-003419
Trust: 0.8
db:CNNVDid:CNNVD-201507-056
Trust: 0.7
db:VULHUBid:VHN-81656
Trust: 0.1
db:VULMONid:CVE-2015-3695
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81656 // 
            
            
            
            VULMON: CVE-2015-3695 // 
            
            
            
            BID: 75493 // 
            
            
            
            JVNDB: JVNDB-2015-003419 // 
            
            
            
            CNNVD: CNNVD-201507-056 // 
            
            
            
            NVD: CVE-2015-3695

REFERENCES
url:http://support.apple.com/kb/ht204942
Trust: 1.9
url:http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html
Trust: 1.8
url:http://www.securityfocus.com/bid/75493
Trust: 1.2
url:http://www.securitytracker.com/id/1032760
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3695
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3695
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/apple-osx-adminframework-cve-2015-3718
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39581
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81656 // 
            
            
            
            VULMON: CVE-2015-3695 // 
            
            
            
            BID: 75493 // 
            
            
            
            JVNDB: JVNDB-2015-003419 // 
            
            
            
            CNNVD: CNNVD-201507-056 // 
            
            
            
            NVD: CVE-2015-3695

CREDITS
Emil Kvarnhammar at TrueSec, Patrick Wardle of Synack, Dean Jerkovich of NCC Group, Apple, Chen Liang of KEEN Team, an anonymous researcher working with HP's Zero Day Initiative, Pawel Wylecial working with HP's Zero Day Initiative, John Villamil (@day6rea
Trust: 0.3
sources:
            
            
            BID: 75493

SOURCES
db:VULHUBid:VHN-81656
db:VULMONid:CVE-2015-3695
db:BIDid:75493
db:JVNDBid:JVNDB-2015-003419
db:CNNVDid:CNNVD-201507-056
db:NVDid:CVE-2015-3695

LAST UPDATE DATE
2025-04-13T20:51:20.106000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81656date:2017-09-22T00:00:00
db:VULMONid:CVE-2015-3695date:2017-09-22T00:00:00
db:BIDid:75493date:2015-07-15T00:57:00
db:JVNDBid:JVNDB-2015-003419date:2015-07-08T00:00:00
db:CNNVDid:CNNVD-201507-056date:2015-07-03T00:00:00
db:NVDid:CVE-2015-3695date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-81656date:2015-07-03T00:00:00
db:VULMONid:CVE-2015-3695date:2015-07-03T00:00:00
db:BIDid:75493date:2015-06-30T00:00:00
db:JVNDBid:JVNDB-2015-003419date:2015-07-08T00:00:00
db:CNNVDid:CNNVD-201507-056date:2015-07-03T00:00:00
db:NVDid:CVE-2015-3695date:2015-07-03T01:59:49.523