ID

VAR-201508-0055


CVE

CVE-2015-5786


TITLE

Apple QuickTime Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-004430

DESCRIPTION

Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785. Apple QuickTime is prone to a remote memory-corruption vulnerability. Versions prior to QuickTime 7.7.8 running on Windows 7 and Windows Vista are vulnerable. Apple QuickTime is multimedia playback software developed by Apple. The software is capable of handling multiple sources such as digital video, media segments, and more.

APPLE-SA-2015-08-20-1 QuickTime 7.7.8

QuickTime 7.7.8 is now available and addresses the following:

QuickTime
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-5751 : WalkerFuz
CVE-2015-5779 : Apple
CVE-2015-5785 : Fortinet's FortiGuard Labs
CVE-2015-5786 : Ryan Pentney and Richard Johnson of Cisco Talos

QuickTime 7.7.8 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/

You may also update to the latest version of QuickTime via Apple Software Update, which can be found in the Start menu.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.07

sources: NVD: CVE-2015-5786 // JVNDB: JVNDB-2015-004430 // BID: 76444 // VULHUB: VHN-83747 // PACKETSTORM: 133268

AFFECTED PRODUCTS

vendor: apple, model: quicktime, scope: lte, version: 7.7.7

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.7.7

Trust: 0.9

vendor: apple, model: quicktime, scope: lt, version: 7.7.8 (windows 7/windows vista)

Trust: 0.8

vendor: apple, model: quicktime, scope: eq, version: 7.9.1

Trust: 0.3

vendor: apple, model: quicktime, scope: eq, version: 7.6

Trust: 0.3

vendor: apple, model: quicktime, scope: eq, version: 7.3.4

Trust: 0.3

vendor: apple, model: quicktime, scope: eq, version: 7.7.5

Trust: 0.3

vendor: apple, model: quicktime, scope: eq, version: 7.2

Trust: 0.3

vendor: apple, model: quicktime, scope: eq, version: 7

Trust: 0.3

vendor: apple, model: quicktime, scope: ne, version: 7.7.8

Trust: 0.3

sources: BID: 76444 // JVNDB: JVNDB-2015-004430 // CNNVD: CNNVD-201508-502 // NVD: CVE-2015-5786

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-5786
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5786
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-502
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83747
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2015-5786
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-83747
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83747 // JVNDB: JVNDB-2015-004430 // CNNVD: CNNVD-201508-502 // NVD: CVE-2015-5786

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-83747 // JVNDB: JVNDB-2015-004430 // NVD: CVE-2015-5786

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-502

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201508-502

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004430

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2015-08-20-1 QuickTime 7.7.8, url: http://lists.apple.com/archives/security-announce/2015/Aug/msg00004.html

Trust: 0.8

title: HT205046, url: http://support.apple.com/en-us/HT205046

Trust: 0.8

title: HT205046, url: https://support.apple.com/ja-jp/HT205046

Trust: 0.8

title: QuickTime-7.7.8, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57420

Trust: 0.6

sources: JVNDB: JVNDB-2015-004430 // CNNVD: CNNVD-201508-502

EXTERNAL IDS

db: NVD, id: CVE-2015-5786

Trust: 2.9

db: SECTRACK, id: 1033346

Trust: 1.1

db: BID, id: 76444

Trust: 1.0

db: JVN, id: JVNVU94440136

Trust: 0.8

db: JVNDB, id: JVNDB-2015-004430

Trust: 0.8

db: CNNVD, id: CNNVD-201508-502

Trust: 0.7

db: VULHUB, id: VHN-83747

Trust: 0.1

db: PACKETSTORM, id: 133268

Trust: 0.1

sources: VULHUB: VHN-83747 // BID: 76444 // JVNDB: JVNDB-2015-004430 // PACKETSTORM: 133268 // CNNVD: CNNVD-201508-502 // NVD: CVE-2015-5786

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/aug/msg00004.html

Trust: 1.7

url:https://support.apple.com/ht205046

Trust: 1.7

url:http://www.securitytracker.com/id/1033346

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5786

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94440136/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5786

Trust: 0.8

url:http://www.securityfocus.com/bid/76444

Trust: 0.6

url:http://www.apple.com/quicktime/

Trust: 0.3

url:https://support.apple.com/en-in/ht205046

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-3790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3792

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3788

Trust: 0.1

url:http://www.apple.com/quicktime/download/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3791

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5785

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5786

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3789

Trust: 0.1

sources: VULHUB: VHN-83747 // BID: 76444 // JVNDB: JVNDB-2015-004430 // PACKETSTORM: 133268 // CNNVD: CNNVD-201508-502 // NVD: CVE-2015-5786

CREDITS

Ryan Pentney and Richard Johnson of Cisco Talos.

Trust: 0.9

sources: BID: 76444 // CNNVD: CNNVD-201508-502

SOURCES

db: VULHUB, id: VHN-83747
db: BID, id: 76444
db: JVNDB, id: JVNDB-2015-004430
db: PACKETSTORM, id: 133268
db: CNNVD, id: CNNVD-201508-502
db: NVD, id: CVE-2015-5786

LAST UPDATE DATE

2025-04-13T22:44:39.541000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-83747, date: 2016-12-24T00:00:00
db: BID, id: 76444, date: 2015-08-20T00:00:00
db: JVNDB, id: JVNDB-2015-004430, date: 2015-08-26T00:00:00
db: CNNVD, id: CNNVD-201508-502, date: 2015-08-27T00:00:00
db: NVD, id: CVE-2015-5786, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-83747, date: 2015-08-25T00:00:00
db: BID, id: 76444, date: 2015-08-20T00:00:00
db: JVNDB, id: JVNDB-2015-004430, date: 2015-08-26T00:00:00
db: PACKETSTORM, id: 133268, date: 2015-08-23T20:06:35
db: CNNVD, id: CNNVD-201508-502, date: 2015-08-24T00:00:00
db: NVD, id: CVE-2015-5786, date: 2015-08-25T01:59:09.820