Sign-up

ID

VAR-201510-0063


CVE

CVE-2015-5878


TITLE

Apple OS X Vulnerability in which important information is obtained in the memo application

Trust: 0.8

sources: JVNDB: JVNDB-2015-005149

DESCRIPTION

Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Notes is one of the application components that modifies fonts. The vulnerability is caused by the program not correctly parsing links. A local attacker could exploit this vulnerability to obtain sensitive information

Trust: 2.07

sources: NVD: CVE-2015-5878 // JVNDB: JVNDB-2015-005149 // BID: 76908 // VULHUB: VHN-83839 // VULMON: CVE-2015-5878

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005149 // CNNVD: CNNVD-201510-100 // NVD: CVE-2015-5878

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5878
value: LOW

Trust: 1.0

NVD: CVE-2015-5878
value: LOW

Trust: 0.8

CNNVD: CNNVD-201510-100
value: LOW

Trust: 0.6

VULHUB: VHN-83839
value: LOW

Trust: 0.1

VULMON: CVE-2015-5878
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-5878
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83839
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83839 // VULMON: CVE-2015-5878 // JVNDB: JVNDB-2015-005149 // CNNVD: CNNVD-201510-100 // NVD: CVE-2015-5878

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-83839 // JVNDB: JVNDB-2015-005149 // NVD: CVE-2015-5878

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-100

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-100

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005149

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Trust: 0.8
title:HT205267url:https://support.apple.com/en-us/HT205267
Trust: 0.8
title:HT205267url:http://support.apple.com/ja-jp/HT205267
Trust: 0.8
title:Apple OS X Notes Fixes for component information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57953
Trust: 0.6
title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5878 // 
            
            
            
            JVNDB: JVNDB-2015-005149 // 
            
            
            
            CNNVD: CNNVD-201510-100

EXTERNAL IDS
db:NVDid:CVE-2015-5878
Trust: 2.9
db:BIDid:76908
Trust: 1.5
db:SECTRACKid:1033703
Trust: 1.2
db:JVNid:JVNVU97220341
Trust: 0.8
db:JVNDBid:JVNDB-2015-005149
Trust: 0.8
db:CNNVDid:CNNVD-201510-100
Trust: 0.7
db:VULHUBid:VHN-83839
Trust: 0.1
db:VULMONid:CVE-2015-5878
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83839 // 
            
            
            
            VULMON: CVE-2015-5878 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005149 // 
            
            
            
            CNNVD: CNNVD-201510-100 // 
            
            
            
            NVD: CVE-2015-5878

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html
Trust: 1.8
url:https://support.apple.com/ht205267
Trust: 1.8
url:http://www.securityfocus.com/bid/76908
Trust: 1.3
url:http://www.securitytracker.com/id/1033703
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5878
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97220341/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5878
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-in/ht205267
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht205267
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83839 // 
            
            
            
            VULMON: CVE-2015-5878 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005149 // 
            
            
            
            CNNVD: CNNVD-201510-100 // 
            
            
            
            NVD: CVE-2015-5878

CREDITS
Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of
Trust: 0.3
sources:
            
            
            BID: 76908

SOURCES
db:VULHUBid:VHN-83839
db:VULMONid:CVE-2015-5878
db:BIDid:76908
db:JVNDBid:JVNDB-2015-005149
db:CNNVDid:CNNVD-201510-100
db:NVDid:CVE-2015-5878

LAST UPDATE DATE
2025-04-13T19:44:50.626000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83839date:2016-12-09T00:00:00
db:VULMONid:CVE-2015-5878date:2016-12-09T00:00:00
db:BIDid:76908date:2015-12-08T22:02:00
db:JVNDBid:JVNDB-2015-005149date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-100date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5878date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83839date:2015-10-09T00:00:00
db:VULMONid:CVE-2015-5878date:2015-10-09T00:00:00
db:BIDid:76908date:2015-09-30T00:00:00
db:JVNDBid:JVNDB-2015-005149date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-100date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5878date:2015-10-09T05:59:18.280