Details of VAR-201510-0061

ID

VAR-201510-0061

CVE

CVE-2015-5875

TITLE

Apple OS X Memo application vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-005147

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Notes is one of the application components that modifies fonts

Trust: 2.07

sources: NVD: CVE-2015-5875 // JVNDB: JVNDB-2015-005147 // BID: 76908 // VULHUB: VHN-83836 // VULMON: CVE-2015-5875

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.6.8 thats all 10.11	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005147 // CNNVD: CNNVD-201510-098 // NVD: CVE-2015-5875

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5875
value:	LOW
Trust: 1.0
NVD:	CVE-2015-5875
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201510-098
value:	LOW
Trust: 0.6
VULHUB:	VHN-83836
value:	LOW
Trust: 0.1
VULMON:	CVE-2015-5875
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-5875
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83836
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83836 // VULMON: CVE-2015-5875 // JVNDB: JVNDB-2015-005147 // CNNVD: CNNVD-201510-098 // NVD: CVE-2015-5875

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-83836 // JVNDB: JVNDB-2015-005147 // NVD: CVE-2015-5875

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-098

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201510-098

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005147

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-30-3 OS X El Capitan 10.11	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Trust: 0.8
title:	HT205267	url:	https://support.apple.com/en-us/HT205267	Trust: 0.8
title:	HT205267	url:	http://support.apple.com/ja-jp/HT205267	Trust: 0.8
title:	Apple: OS X El Capitan v10.11	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7	Trust: 0.1

sources: VULMON: CVE-2015-5875 // JVNDB: JVNDB-2015-005147

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5875	Trust: 2.9
db:	BID	id:	76908	Trust: 1.5
db:	SECTRACK	id:	1033703	Trust: 1.2
db:	JVN	id:	JVNVU97220341	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005147	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-098	Trust: 0.7
db:	VULHUB	id:	VHN-83836	Trust: 0.1
db:	VULMON	id:	CVE-2015-5875	Trust: 0.1

sources: VULHUB: VHN-83836 // VULMON: CVE-2015-5875 // BID: 76908 // JVNDB: JVNDB-2015-005147 // CNNVD: CNNVD-201510-098 // NVD: CVE-2015-5875

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html	Trust: 1.8
url:	https://support.apple.com/ht205267	Trust: 1.8
url:	http://www.securityfocus.com/bid/76908	Trust: 1.3
url:	http://www.securitytracker.com/id/1033703	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5875	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97220341/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5875	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://support.apple.com/en-in/ht205267	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht205267	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=41307	Trust: 0.1

sources: VULHUB: VHN-83836 // VULMON: CVE-2015-5875 // BID: 76908 // JVNDB: JVNDB-2015-005147 // CNNVD: CNNVD-201510-098 // NVD: CVE-2015-5875

CREDITS

Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of

Trust: 0.3

sources: BID: 76908

SOURCES

db:	VULHUB	id:	VHN-83836
db:	VULMON	id:	CVE-2015-5875
db:	BID	id:	76908
db:	JVNDB	id:	JVNDB-2015-005147
db:	CNNVD	id:	CNNVD-201510-098
db:	NVD	id:	CVE-2015-5875

LAST UPDATE DATE

2025-04-13T20:21:34.866000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83836	date:	2016-12-09T00:00:00
db:	VULMON	id:	CVE-2015-5875	date:	2016-12-09T00:00:00
db:	BID	id:	76908	date:	2015-12-08T22:02:00
db:	JVNDB	id:	JVNDB-2015-005147	date:	2015-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201510-098	date:	2015-10-10T00:00:00
db:	NVD	id:	CVE-2015-5875	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83836	date:	2015-10-09T00:00:00
db:	VULMON	id:	CVE-2015-5875	date:	2015-10-09T00:00:00
db:	BID	id:	76908	date:	2015-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2015-005147	date:	2015-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201510-098	date:	2015-10-10T00:00:00
db:	NVD	id:	CVE-2015-5875	date:	2015-10-09T05:59:16.343