Details of VAR-201508-0047

ID

VAR-201508-0047

CVE

CVE-2015-5777

TITLE

Apple iOS and OS X of CoreMedia Playback Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-004254

DESCRIPTION

CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778. Apple Mac OS X and iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. Versions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. in the United States

Trust: 2.07

sources: NVD: CVE-2015-5777 // JVNDB: JVNDB-2015-004254 // BID: 76343 // VULHUB: VHN-83738 // VULMON: CVE-2015-5777

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	8.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10 to 10.10.4	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.4	Trust: 0.6
vendor:	apple	model:	keynote	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	keynote	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	keynote	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.72	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.2.20	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 76343 // JVNDB: JVNDB-2015-004254 // CNNVD: CNNVD-201508-307 // NVD: CVE-2015-5777

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5777
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-5777
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201508-307
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-83738
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-5777
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-5777
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83738
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83738 // VULMON: CVE-2015-5777 // JVNDB: JVNDB-2015-004254 // CNNVD: CNNVD-201508-307 // NVD: CVE-2015-5777

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-83738 // JVNDB: JVNDB-2015-004254 // NVD: CVE-2015-5777

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-307

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201508-307

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004254

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-08-13-3 iOS 8.4.1	url:	http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html	Trust: 0.8
title:	APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006	url:	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Trust: 0.8
title:	HT205030	url:	http://support.apple.com/en-us/HT205030	Trust: 0.8
title:	HT205031	url:	http://support.apple.com/en-us/HT205031	Trust: 0.8
title:	HT205030	url:	http://support.apple.com/ja-jp/HT205030	Trust: 0.8
title:	HT205031	url:	http://support.apple.com/ja-jp/HT205031	Trust: 0.8
title:	osxupd10.10.5	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57197	Trust: 0.6
title:	iPhone7,1_8.4.1_12H321_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57198	Trust: 0.6
title:	Apple: Apple TV 7.2.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=7fd0c8e5493266a37a14d1b8b5c5ece7	Trust: 0.1
title:	Apple: iOS 8.4.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1e360caea44107f4b635ae5265ed4e38	Trust: 0.1
title:	Apple: OS X Yosemite v10.10.5 and Security Update 2015-006	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=9834d0d73bf28fb80d3390930bafd906	Trust: 0.1

sources: VULMON: CVE-2015-5777 // JVNDB: JVNDB-2015-004254 // CNNVD: CNNVD-201508-307

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5777	Trust: 2.9
db:	BID	id:	76343	Trust: 2.1
db:	SECTRACK	id:	1033275	Trust: 1.2
db:	JVN	id:	JVNVU94440136	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004254	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-307	Trust: 0.7
db:	VULHUB	id:	VHN-83738	Trust: 0.1
db:	VULMON	id:	CVE-2015-5777	Trust: 0.1

sources: VULHUB: VHN-83738 // VULMON: CVE-2015-5777 // BID: 76343 // JVNDB: JVNDB-2015-004254 // CNNVD: CNNVD-201508-307 // NVD: CVE-2015-5777

REFERENCES

url:	http://www.securityfocus.com/bid/76343	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html	Trust: 1.8
url:	https://support.apple.com/kb/ht205030	Trust: 1.8
url:	https://support.apple.com/kb/ht205031	Trust: 1.8
url:	http://www.securitytracker.com/id/1033275	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5777	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94440136/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5777	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://support.apple.com/en-us/ht205221	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-fontparser-cve-2015-5756	Trust: 0.1
url:	https://support.apple.com/kb/ht205795	Trust: 0.1

sources: VULHUB: VHN-83738 // VULMON: CVE-2015-5777 // BID: 76343 // JVNDB: JVNDB-2015-004254 // CNNVD: CNNVD-201508-307 // NVD: CVE-2015-5777

CREDITS

Apple, TaiG Jailbreak Team, Michal Zalewski, John Villamil (@day6reak) from Yahoo Pentest Team, Ilja van Sprundel, Ian Beer of Google Project Zero, Frank Graziano of the Yahoo Pentest Team, Lufeng Li of Qihoo 360, Mathew Rowley, Bruno Morisson of INTEGRIT S.A.

Trust: 0.6

sources: CNNVD: CNNVD-201508-307

SOURCES

db:	VULHUB	id:	VHN-83738
db:	VULMON	id:	CVE-2015-5777
db:	BID	id:	76343
db:	JVNDB	id:	JVNDB-2015-004254
db:	CNNVD	id:	CNNVD-201508-307
db:	NVD	id:	CVE-2015-5777

LAST UPDATE DATE

2025-04-13T19:46:53.038000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83738	date:	2016-12-24T00:00:00
db:	BID	id:	76343	date:	2016-07-06T13:27:00
db:	JVNDB	id:	JVNDB-2015-004254	date:	2015-08-21T00:00:00
db:	CNNVD	id:	CNNVD-201508-307	date:	2015-08-21T00:00:00
db:	NVD	id:	CVE-2015-5777	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83738	date:	2015-08-17T00:00:00
db:	BID	id:	76343	date:	2015-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-004254	date:	2015-08-21T00:00:00
db:	CNNVD	id:	CNNVD-201508-307	date:	2015-08-18T00:00:00
db:	NVD	id:	CVE-2015-5777	date:	2015-08-17T00:01:01.283