Sign-up

ID

VAR-201510-0189


CVE

CVE-2015-7032


TITLE

plural Apple Vulnerability in obtaining important information in products

Trust: 0.8

sources: JVNDB: JVNDB-2015-005347

DESCRIPTION

The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document. plural Apple The product contains a vulnerability that could capture important information.It is possible for a third party to obtain important information through crafted documents. Multiple Apple Products are prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. This issue is fixed in: Keynote 6.6 Pages 5.6 Numbers 3.6 iWork for iOS 2.6. in the United States. These issues were addressed through improved input validation. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. CVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard) Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted document. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7033 : Felix Groebert of the Google Security Team Pages Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted Pages document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted Pages document. This issue was addressed through improved memory handling. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE 9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd 5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6 DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1 Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i /3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi ikrC4CqPxEcf3lk6bXKi =Zci4 -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2015-7032 // JVNDB: JVNDB-2015-005347 // BID: 77104 // VULHUB: VHN-84993 // PACKETSTORM: 133995

AFFECTED PRODUCTS

vendor:applemodel:iworkscope:lteversion:2.5.4

Trust: 1.0

vendor:applemodel:keynotescope:lteversion:6.5

Trust: 1.0

vendor:applemodel:pagesscope:lteversion:5.5.3

Trust: 1.0

vendor:applemodel:numbersscope:lteversion:3.5

Trust: 1.0

vendor:applemodel:numbersscope:eqversion:3.5

Trust: 0.9

vendor:applemodel:keynotescope:eqversion:6.5

Trust: 0.9

vendor:applemodel:iworkscope:ltversion:for ios 2.6 (ios 8.4 or later )

Trust: 0.8

vendor:applemodel:keynotescope:ltversion:6.6 (ios 8.4 or later )

Trust: 0.8

vendor:applemodel:keynotescope:ltversion:6.6 (os x yosemite v10.10.4 or later )

Trust: 0.8

vendor:applemodel:numbersscope:ltversion:3.6 (ios 8.4 or later )

Trust: 0.8

vendor:applemodel:numbersscope:ltversion:3.6 (os x yosemite v10.10.4 or later )

Trust: 0.8

vendor:applemodel:pagesscope:ltversion:5.6 (ios 8.4 or later )

Trust: 0.8

vendor:applemodel:pagesscope:ltversion:5.6 (os x yosemite v10.10.4 or later )

Trust: 0.8

vendor:applemodel:pagesscope:eqversion:5.5.3

Trust: 0.6

vendor:applemodel:iworkscope:eqversion:2.5.4

Trust: 0.6

vendor:applemodel:pagesscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:pagesscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:pagesscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:pagesscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:pagesscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:pagesscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:numbers for iosscope:eqversion:1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.4

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:6.0

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:5.2

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:keynotescope:eqversion:5.0

Trust: 0.3

vendor:applemodel:iwork for iosscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:pagesscope:neversion:5.6

Trust: 0.3

vendor:applemodel:numbersscope:neversion:3.6

Trust: 0.3

vendor:applemodel:keynotescope:neversion:6.6

Trust: 0.3

vendor:applemodel:iwork for iosscope:neversion:2.6

Trust: 0.3

sources: BID: 77104 // JVNDB: JVNDB-2015-005347 // CNNVD: CNNVD-201510-327 // NVD: CVE-2015-7032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7032
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7032
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-327
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84993
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7032
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84993
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84993 // JVNDB: JVNDB-2015-005347 // CNNVD: CNNVD-201510-327 // NVD: CVE-2015-7032

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-84993 // JVNDB: JVNDB-2015-005347 // NVD: CVE-2015-7032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-327

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-327

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005347

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6url:http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html
Trust: 0.8
title:HT205373url:https://support.apple.com/en-us/HT205373
Trust: 0.8
title:HT205373url:http://support.apple.com/ja-jp/HT205373
Trust: 0.8
title:Multiple Apple Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58175
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-005347 // 
            
            
            
            CNNVD: CNNVD-201510-327

EXTERNAL IDS
db:NVDid:CVE-2015-7032
Trust: 2.9
db:SECTRACKid:1033826
Trust: 1.1
db:SECTRACKid:1033825
Trust: 1.1
db:SECTRACKid:1033823
Trust: 1.1
db:JVNid:JVNVU92655282
Trust: 0.8
db:JVNDBid:JVNDB-2015-005347
Trust: 0.8
db:CNNVDid:CNNVD-201510-327
Trust: 0.7
db:BIDid:77104
Trust: 0.4
db:VULHUBid:VHN-84993
Trust: 0.1
db:PACKETSTORMid:133995
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84993 // 
            
            
            
            BID: 77104 // 
            
            
            
            JVNDB: JVNDB-2015-005347 // 
            
            
            
            PACKETSTORM: 133995 // 
            
            
            
            CNNVD: CNNVD-201510-327 // 
            
            
            
            NVD: CVE-2015-7032

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html
Trust: 1.7
url:https://support.apple.com/ht205373
Trust: 1.7
url:http://www.securitytracker.com/id/1033823
Trust: 1.1
url:http://www.securitytracker.com/id/1033825
Trust: 1.1
url:http://www.securitytracker.com/id/1033826
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7032
Trust: 0.8
url:http://jvn.jp/vu/jvnvu92655282/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7032
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:https://support.apple.com/en-in/ht205373
Trust: 0.3
url:http://gpgtools.org
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-7034
Trust: 0.1
url:http://support.apple.com/kb/ht201222
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3784
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-7032
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-7033
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84993 // 
            
            
            
            BID: 77104 // 
            
            
            
            JVNDB: JVNDB-2015-005347 // 
            
            
            
            PACKETSTORM: 133995 // 
            
            
            
            CNNVD: CNNVD-201510-327 // 
            
            
            
            NVD: CVE-2015-7032

CREDITS
Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard).
Trust: 0.3
sources:
            
            
            BID: 77104

SOURCES
db:VULHUBid:VHN-84993
db:BIDid:77104
db:JVNDBid:JVNDB-2015-005347
db:PACKETSTORMid:133995
db:CNNVDid:CNNVD-201510-327
db:NVDid:CVE-2015-7032

LAST UPDATE DATE
2025-04-13T21:26:42.400000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84993date:2016-12-08T00:00:00
db:BIDid:77104date:2015-10-16T00:00:00
db:JVNDBid:JVNDB-2015-005347date:2015-10-26T00:00:00
db:CNNVDid:CNNVD-201510-327date:2015-10-23T00:00:00
db:NVDid:CVE-2015-7032date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-84993date:2015-10-18T00:00:00
db:BIDid:77104date:2015-10-16T00:00:00
db:JVNDBid:JVNDB-2015-005347date:2015-10-20T00:00:00
db:PACKETSTORMid:133995date:2015-10-16T01:45:00
db:CNNVDid:CNNVD-201510-327date:2015-10-19T00:00:00
db:NVDid:CVE-2015-7032date:2015-10-18T19:59:04.040