ID

VAR-201601-0145


CVE

CVE-2015-7092


TITLE

Arbitrary code execution vulnerability in Apple QuickTime

Trust: 0.8

sources: JVNDB: JVNDB-2015-006715

DESCRIPTION

Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 tag in MP3 data in a movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7117.

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ID3 version tags in MP3 files. By providing a malformed TXXX frame, an attacker can cause data to be written past the end of an allocated heap buffer. An attacker could leverage this to execute arbitrary code under the context of the current user. Failed exploit attempts will likely result in denial of service conditions. Versions prior to QuickTime 7.7.9 are vulnerable.

NOTE: This issue was previously discussed in BID 80020 (Apple QuickTime APPLE-SA-2016-01-07-1 Multiple Memory Corruption Vulnerabilities), but has been given its own record to better document it.

Apple QuickTime is multimedia playback software developed by Apple. The software is capable of handling multiple sources such as digital video, media segments, and more.

APPLE-SA-2016-01-07-1 QuickTime 7.7.9

[Re-sending with a valid signature]

QuickTime 7.7.9 is now available and addresses the following:

QuickTime
Available for: Windows 7 and Windows Vista
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7085 : an anonymous researcher
CVE-2015-7086 : an anonymous researcher
CVE-2015-7087 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-7088 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-7089 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-7090 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-7091 : Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security
CVE-2015-7092 : Jaanus Kp Clarified Security working with HP's Zero Day Initiative
CVE-2015-7117 : Ryan Pentney and Richard Johnson of Cisco Talos

Trust: 2.7

sources: NVD: CVE-2015-7092 // JVNDB: JVNDB-2015-006715 // ZDI: ZDI-16-002 // BID: 80170 // VULHUB: VHN-85053 // PACKETSTORM: 135183

AFFECTED PRODUCTS

vendor: apple // model: quicktime // scope: lte // version: 7.7.8

Trust: 1.0

vendor: apple // model: quicktime // scope: lt // version: 7.7.9 (windows 7/windows vista)

Trust: 0.8

vendor: apple // model: quicktime // scope: - // version: -

Trust: 0.7

vendor: apple // model: quicktime // scope: eq // version: 7.7.8

Trust: 0.6

vendor: apple // model: quicktime player // scope: eq // version: 7.7.3

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.7.2

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.7.1

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.6.8

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.6.7

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.6.6

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.6.5

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.6.4

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.6.2

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.6.1

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.5.5

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.4.5

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.4.1

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.3.1.70

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.3.1

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.1.6

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.1.5

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.1.4

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.1.3

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.1.2

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.1.1

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.0.4

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.0.3

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.0.2

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.0.1

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.0

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 6.5.2

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 6.5.1

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 6.5

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 6.1

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 5.0.2

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.7.6

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.7

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.64.17.73

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.6.9

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.6

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.5

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.4

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.3

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.2

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 7.1

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 6.4

Trust: 0.3

vendor: apple // model: quicktime player // scope: eq // version: 6

Trust: 0.3

vendor: apple // model: quicktime player // scope: ne // version: 7.7.9

Trust: 0.3

sources: ZDI: ZDI-16-002 // BID: 80170 // JVNDB: JVNDB-2015-006715 // CNNVD: CNNVD-201601-163 // NVD: CVE-2015-7092

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-7092
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7092
value: MEDIUM

Trust: 0.8

ZDI: CVE-2015-7092
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201601-163
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85053
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2015-7092
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2015-7092
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-85053
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2015-7092
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.7
version: 3.0

Trust: 1.0

sources: ZDI: ZDI-16-002 // VULHUB: VHN-85053 // JVNDB: JVNDB-2015-006715 // CNNVD: CNNVD-201601-163 // NVD: CVE-2015-7092

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-85053 // JVNDB: JVNDB-2015-006715 // NVD: CVE-2015-7092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-163

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201601-163

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006715

PATCH

title: HT205638 // url: https://support.apple.com/en-us/HT205638

Trust: 1.5

title: Apple security updates // url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2016-01-07-1 QuickTime 7.7.9 // url: http://lists.apple.com/archives/security-announce/2016/Jan/msg00000.html

Trust: 0.8

title: HT205638 // url: https://support.apple.com/ja-jp/HT205638

Trust: 0.8

title: Apple QuickTime Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59517

Trust: 0.6

sources: ZDI: ZDI-16-002 // JVNDB: JVNDB-2015-006715 // CNNVD: CNNVD-201601-163

EXTERNAL IDS

db: NVD // id: CVE-2015-7092

Trust: 3.6

db: ZDI // id: ZDI-16-002

Trust: 2.4

db: SECTRACK // id: 1034610

Trust: 1.1

db: JVNDB // id: JVNDB-2015-006715

Trust: 0.8

db: ZDI_CAN // id: ZDI-CAN-3337

Trust: 0.7

db: CNNVD // id: CNNVD-201601-163

Trust: 0.7

db: BID // id: 80170

Trust: 0.4

db: VULHUB // id: VHN-85053

Trust: 0.1

db: PACKETSTORM // id: 135183

Trust: 0.1

sources: ZDI: ZDI-16-002 // VULHUB: VHN-85053 // BID: 80170 // JVNDB: JVNDB-2015-006715 // PACKETSTORM: 135183 // CNNVD: CNNVD-201601-163 // NVD: CVE-2015-7092

REFERENCES

url: http://lists.apple.com/archives/security-announce/2016/jan/msg00000.html

Trust: 1.7

url: https://support.apple.com/ht205638

Trust: 1.7

url: http://www.zerodayinitiative.com/advisories/zdi-16-002/

Trust: 1.7

url: http://www.securitytracker.com/id/1034610

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7092

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7092

Trust: 0.8

url: https://support.apple.com/en-us/ht205638

Trust: 0.7

url: http://www.apple.com/quicktime/

Trust: 0.3

url: https://nvd.nist.gov/vuln/detail/cve-2015-7091

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2015-7087

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2015-7092

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2015-7089

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2015-7117

Trust: 0.1

url: https://gpgtools.org

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2015-7086

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2015-7088

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2015-7090

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2015-7085

Trust: 0.1

sources: ZDI: ZDI-16-002 // VULHUB: VHN-85053 // BID: 80170 // JVNDB: JVNDB-2015-006715 // PACKETSTORM: 135183 // CNNVD: CNNVD-201601-163 // NVD: CVE-2015-7092

CREDITS

Jaanus Kp - Clarified Security

Trust: 0.7

sources: ZDI: ZDI-16-002

SOURCES

db: ZDI // id: ZDI-16-002
db: VULHUB // id: VHN-85053
db: BID // id: 80170
db: JVNDB // id: JVNDB-2015-006715
db: PACKETSTORM // id: 135183
db: CNNVD // id: CNNVD-201601-163
db: NVD // id: CVE-2015-7092

LAST UPDATE DATE

2025-04-13T23:03:24.585000+00:00


SOURCES UPDATE DATE

db: ZDI // id: ZDI-16-002 // date: 2016-01-08T00:00:00
db: VULHUB // id: VHN-85053 // date: 2016-12-07T00:00:00
db: BID // id: 80170 // date: 2016-01-07T00:00:00
db: JVNDB // id: JVNDB-2015-006715 // date: 2016-01-12T00:00:00
db: CNNVD // id: CNNVD-201601-163 // date: 2016-01-11T00:00:00
db: NVD // id: CVE-2015-7092 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: ZDI // id: ZDI-16-002 // date: 2016-01-08T00:00:00
db: VULHUB // id: VHN-85053 // date: 2016-01-09T00:00:00
db: BID // id: 80170 // date: 2016-01-07T00:00:00
db: JVNDB // id: JVNDB-2015-006715 // date: 2016-01-12T00:00:00
db: PACKETSTORM // id: 135183 // date: 2016-01-08T15:15:28
db: CNNVD // id: CNNVD-201601-163 // date: 2016-01-11T00:00:00
db: NVD // id: CVE-2015-7092 // date: 2016-01-09T02:59:08.767