ID

VAR-201508-0428


CVE

CVE-2015-3784


TITLE

Office Viewer in Apple iOS and OS X vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2015-004233

DESCRIPTION

Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. Versions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. Office Viewer is one of the ActiveX components for displaying and interacting with Microsoft Office files.

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6

Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following:

Keynote, Pages, and Numbers
Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact: Opening a maliciously crafted document may lead to compromise of user information
Description: Multiple input validation issues existed in parsing a maliciously crafted document. These issues were addressed through improved input validation.
CVE-ID
CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.
CVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)

Keynote, Pages, and Numbers
Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact: Opening a maliciously crafted document may lead to unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in parsing a maliciously crafted document. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7033 : Felix Groebert of the Google Security Team

Pages
Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact: Opening a maliciously crafted Pages document may lead to unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in parsing a maliciously crafted Pages document. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7034 : Felix Groebert of the Google Security Team

Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may be obtained from the App Store.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.07

sources: NVD: CVE-2015-3784 // JVNDB: JVNDB-2015-004233 // BID: 76343 // VULHUB: VHN-81745 // PACKETSTORM: 133995

AFFECTED PRODUCTS

vendor: apple | model: iphone os | scope: lte | version: 8.4

Trust: 1.0

vendor: apple | model: iwork | scope: lte | version: 2.5.4

Trust: 1.0

vendor: apple | model: keynote | scope: lte | version: 6.5

Trust: 1.0

vendor: apple | model: numbers | scope: lte | version: 3.5

Trust: 1.0

vendor: apple | model: mac os x | scope: lte | version: 10.10.4

Trust: 1.0

vendor: apple | model: pages | scope: lte | version: 5.5.3

Trust: 1.0

vendor: apple | model: mac os x | scope: eq | version: 10.10 to 10.10.4

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 8.4.1 (ipad 2 or later)

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 8.4.1 (iphone 4s or later)

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 8.4.1 (ipod touch 5th generation or later)

Trust: 0.8

vendor: apple | model: iwork | scope: lt | version: for ios 2.6 (ios 8.4 or later)

Trust: 0.8

vendor: apple | model: keynote | scope: lt | version: 6.6 (ios 8.4 or later)

Trust: 0.8

vendor: apple | model: keynote | scope: lt | version: 6.6 (os x yosemite v10.10.4 or later)

Trust: 0.8

vendor: apple | model: numbers | scope: lt | version: 3.6 (ios 8.4 or later)

Trust: 0.8

vendor: apple | model: numbers | scope: lt | version: 3.6 (os x yosemite v10.10.4 or later)

Trust: 0.8

vendor: apple | model: pages | scope: lt | version: 5.6 (ios 8.4 or later)

Trust: 0.8

vendor: apple | model: pages | scope: lt | version: 5.6 (os x yosemite v10.10.4 or later)

Trust: 0.8

vendor: apple | model: iphone os | scope: eq | version: 8.4

Trust: 0.6

vendor: apple | model: iwork | scope: eq | version: 2.5.4

Trust: 0.6

vendor: apple | model: mac os x | scope: eq | version: 10.10.4

Trust: 0.6

vendor: apple | model: numbers | scope: eq | version: 3.5

Trust: 0.6

vendor: apple | model: pages | scope: eq | version: 5.5.3

Trust: 0.6

vendor: apple | model: keynote | scope: eq | version: 6.5

Trust: 0.6

vendor: apple | model: keynote | scope: eq | version: 2.0.2

Trust: 0.3

vendor: apple | model: keynote | scope: eq | version: 2.0.1

Trust: 0.3

vendor: apple | model: keynote | scope: eq | version: 2.0

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 10.5.1

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 9.0.2

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 9.0.1

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 9.0

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 7.3.2

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 7.3

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 7.0.2

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 6.0.5

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 6.0.4

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 6.0.1

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 6.0

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 5.0

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 4.8

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 4.7.1

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 4.6

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 4.5

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 4.2.72

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 9.2

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 9.1

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 8.2

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 8.1

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 8.0.2.20

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 7.4

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 10.6

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 10.5

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 10.2.2

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 10.2

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 10

Trust: 0.3

vendor: apple | model: ipod touch | scope: eq | version: 0

Trust: 0.3

vendor: apple | model: iphone | scope: eq | version: 0

Trust: 0.3

vendor: apple | model: ipad | scope: eq | version: 0

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.0.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.0.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 3.2.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 3.2.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 5.1.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 5.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 5.0.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 5

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3.5

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3.4

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3.3

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.9

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.8

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.7

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.6

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.5

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.10

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 3.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 3.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 3.0

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 5.0

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 4.4

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 4.3

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 4.2

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 4.1

Trust: 0.3

vendor: apple | model: tv | scope: eq | version: 4.0

Trust: 0.3

sources: BID: 76343 // JVNDB: JVNDB-2015-004233 // CNNVD: CNNVD-201508-324 // NVD: CVE-2015-3784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3784
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3784
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-324
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81745
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3784
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-81745
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81745 // JVNDB: JVNDB-2015-004233 // CNNVD: CNNVD-201508-324 // NVD: CVE-2015-3784

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-81745 // JVNDB: JVNDB-2015-004233 // NVD: CVE-2015-3784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-324

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201508-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004233

PATCH

title: Apple security updates | url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 | url: http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html

Trust: 0.8

title: APPLE-SA-2015-08-13-3 iOS 8.4.1 | url: http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

Trust: 0.8

title: APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 | url: http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Trust: 0.8

title: HT205373 | url: https://support.apple.com/en-us/HT205373

Trust: 0.8

title: HT205030 | url: http://support.apple.com/en-us/HT205030

Trust: 0.8

title: HT205031 | url: http://support.apple.com/en-us/HT205031

Trust: 0.8

title: HT205373 | url: https://support.apple.com/ja-jp/HT205373

Trust: 0.8

title: HT205030 | url: http://support.apple.com/ja-jp/HT205030

Trust: 0.8

title: HT205031 | url: http://support.apple.com/ja-jp/HT205031

Trust: 0.8

sources: JVNDB: JVNDB-2015-004233

EXTERNAL IDS

db: NVD | id: CVE-2015-3784

Trust: 2.9

db: BID | id: 76343

Trust: 2.0

db: SECTRACK | id: 1033275

Trust: 1.1

db: JVN | id: JVNVU94440136

Trust: 0.8

db: JVN | id: JVNVU92655282

Trust: 0.8

db: JVNDB | id: JVNDB-2015-004233

Trust: 0.8

db: CNNVD | id: CNNVD-201508-324

Trust: 0.7

db: PACKETSTORM | id: 133995

Trust: 0.2

db: VULHUB | id: VHN-81745

Trust: 0.1

sources: VULHUB: VHN-81745 // BID: 76343 // JVNDB: JVNDB-2015-004233 // PACKETSTORM: 133995 // CNNVD: CNNVD-201508-324 // NVD: CVE-2015-3784

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html

Trust: 1.7

url:http://www.securityfocus.com/bid/76343

Trust: 1.7

url:https://support.apple.com/kb/ht205030

Trust: 1.7

url:https://support.apple.com/kb/ht205031

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html

Trust: 1.1

url:https://support.apple.com/ht205373

Trust: 1.1

url:http://www.securitytracker.com/id/1033275

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3784

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94440136/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92655282/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3784

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://support.apple.com/en-us/ht205221

Trust: 0.3

url:http://gpgtools.org

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7034

Trust: 0.1

url:http://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3784

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7033

Trust: 0.1

sources: VULHUB: VHN-81745 // BID: 76343 // JVNDB: JVNDB-2015-004233 // PACKETSTORM: 133995 // CNNVD: CNNVD-201508-324 // NVD: CVE-2015-3784

CREDITS

Apple, TaiG Jailbreak Team, Michal Zalewski, John Villamil (@day6reak) from Yahoo Pentest Team, Ilja van Sprundel, Ian Beer of Google Project Zero, Frank Graziano of the Yahoo Pentest Team, Lufeng Li of Qihoo 360, Mathew Rowley, Bruno Morisson of INTEGRITY S.A.

Trust: 0.6

sources: CNNVD: CNNVD-201508-324

SOURCES

db: VULHUB | id: VHN-81745
db: BID | id: 76343
db: JVNDB | id: JVNDB-2015-004233
db: PACKETSTORM | id: 133995
db: CNNVD | id: CNNVD-201508-324
db: NVD | id: CVE-2015-3784

LAST UPDATE DATE

2025-04-13T20:13:48.011000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-81745 | date: 2016-12-24T00:00:00
db: BID | id: 76343 | date: 2016-07-06T13:27:00
db: JVNDB | id: JVNDB-2015-004233 | date: 2015-10-26T00:00:00
db: CNNVD | id: CNNVD-201508-324 | date: 2015-08-18T00:00:00
db: NVD | id: CVE-2015-3784 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB | id: VHN-81745 | date: 2015-08-16T00:00:00
db: BID | id: 76343 | date: 2015-08-13T00:00:00
db: JVNDB | id: JVNDB-2015-004233 | date: 2015-08-21T00:00:00
db: PACKETSTORM | id: 133995 | date: 2015-10-16T01:45:00
db: CNNVD | id: CNNVD-201508-324 | date: 2015-08-18T00:00:00
db: NVD | id: CVE-2015-3784 | date: 2015-08-16T23:59:56.923