Details of VAR-201510-0191

ID

VAR-201510-0191

CVE

CVE-2015-7034

TITLE

Apple Pages and iOS for iWork An arbitrary code execution vulnerability in an application

Trust: 0.8

sources: JVNDB: JVNDB-2015-005349

DESCRIPTION

The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document. Apple Pages is prone to a remote memory-corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition. Both Apple iWork for iOS and Apple Pages are products of Apple. The former is a set of office software developed for the iOS operating system. The latter is a suite of word processing and page layout applications (APP). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following: Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to compromise of user information Description: Multiple input validation issues existed in parsing a maliciously crafted document. These issues were addressed through improved input validation. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. This issue was addressed through improved memory handling. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7034 : Felix Groebert of the Google Security Team Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may be obtained from the App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE 9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd 5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6 DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1 Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i /3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi ikrC4CqPxEcf3lk6bXKi =Zci4 -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2015-7034 // JVNDB: JVNDB-2015-005349 // BID: 77103 // VULHUB: VHN-84995 // PACKETSTORM: 133995

AFFECTED PRODUCTS

vendor:	apple	model:	iwork	scope:	lte	version:	2.5.4	Trust: 1.0
vendor:	apple	model:	pages	scope:	lte	version:	5.5.3	Trust: 1.0
vendor:	apple	model:	iwork	scope:	lt	version:	for ios 2.6 (ios 8.4 or later )	Trust: 0.8
vendor:	apple	model:	pages	scope:	lt	version:	5.6 (ios 8.4 or later )	Trust: 0.8
vendor:	apple	model:	pages	scope:	lt	version:	5.6 (os x yosemite v10.10.4 or later )	Trust: 0.8
vendor:	apple	model:	pages	scope:	eq	version:	5.5.3	Trust: 0.6
vendor:	apple	model:	iwork	scope:	eq	version:	2.5.4	Trust: 0.6

sources: JVNDB: JVNDB-2015-005349 // CNNVD: CNNVD-201510-329 // NVD: CVE-2015-7034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7034
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7034
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201510-329
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84995
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7034
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84995
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84995 // JVNDB: JVNDB-2015-005349 // CNNVD: CNNVD-201510-329 // NVD: CVE-2015-7034

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-84995 // JVNDB: JVNDB-2015-005349 // NVD: CVE-2015-7034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-329

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201510-329

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005349

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6	url:	http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html	Trust: 0.8
title:	HT205373	url:	https://support.apple.com/en-us/HT205373	Trust: 0.8
title:	HT205373	url:	http://support.apple.com/ja-jp/HT205373	Trust: 0.8
title:	Apple iWork for iOS Application and Apple Pages Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58177	Trust: 0.6

sources: JVNDB: JVNDB-2015-005349 // CNNVD: CNNVD-201510-329

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7034	Trust: 2.9
db:	SECTRACK	id:	1033821	Trust: 1.1
db:	JVN	id:	JVNVU92655282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005349	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-329	Trust: 0.7
db:	BID	id:	77103	Trust: 0.4
db:	VULHUB	id:	VHN-84995	Trust: 0.1
db:	PACKETSTORM	id:	133995	Trust: 0.1

sources: VULHUB: VHN-84995 // BID: 77103 // JVNDB: JVNDB-2015-005349 // PACKETSTORM: 133995 // CNNVD: CNNVD-201510-329 // NVD: CVE-2015-7034

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html	Trust: 1.7
url:	https://support.apple.com/ht205373	Trust: 1.7
url:	http://www.securitytracker.com/id/1033821	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7034	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92655282/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7034	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://gpgtools.org	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7034	Trust: 0.1
url:	http://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3784	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7033	Trust: 0.1

sources: VULHUB: VHN-84995 // BID: 77103 // JVNDB: JVNDB-2015-005349 // PACKETSTORM: 133995 // CNNVD: CNNVD-201510-329 // NVD: CVE-2015-7034

CREDITS

Felix Groebert of the Google Security Team

Trust: 0.3

sources: BID: 77103

SOURCES

db:	VULHUB	id:	VHN-84995
db:	BID	id:	77103
db:	JVNDB	id:	JVNDB-2015-005349
db:	PACKETSTORM	id:	133995
db:	CNNVD	id:	CNNVD-201510-329
db:	NVD	id:	CVE-2015-7034

LAST UPDATE DATE

2025-04-13T20:19:12.926000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84995	date:	2016-12-08T00:00:00
db:	BID	id:	77103	date:	2015-10-26T17:02:00
db:	JVNDB	id:	JVNDB-2015-005349	date:	2015-10-26T00:00:00
db:	CNNVD	id:	CNNVD-201510-329	date:	2015-10-23T00:00:00
db:	NVD	id:	CVE-2015-7034	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84995	date:	2015-10-18T00:00:00
db:	BID	id:	77103	date:	2015-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-005349	date:	2015-10-20T00:00:00
db:	PACKETSTORM	id:	133995	date:	2015-10-16T01:45:00
db:	CNNVD	id:	CNNVD-201510-329	date:	2015-10-19T00:00:00
db:	NVD	id:	CVE-2015-7034	date:	2015-10-18T19:59:06.293