Details of VAR-201603-0147

ID

VAR-201603-0147

CVE

CVE-2016-1737

TITLE

Apple OS X of Carbon Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-001884

DESCRIPTION

Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.11 through 10.11.3 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following: apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI) HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762 Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. These were addressed by updating LibreSSL to version 2.1.8. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195 Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551 Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab Tcl Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171 OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2016-1737 // JVNDB: JVNDB-2016-001884 // BID: 85056 // VULHUB: VHN-90556 // PACKETSTORM: 136346

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 to 10.11.3	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.3	Trust: 0.6

sources: JVNDB: JVNDB-2016-001884 // CNNVD: CNNVD-201603-332 // NVD: CVE-2016-1737

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1737
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1737
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201603-332
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90556
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1737
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90556
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1737
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90556 // JVNDB: JVNDB-2016-001884 // CNNVD: CNNVD-201603-332 // NVD: CVE-2016-1737

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-90556 // JVNDB: JVNDB-2016-001884 // NVD: CVE-2016-1737

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-332

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201603-332

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001884

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	Trust: 0.8
title:	HT206167	url:	https://support.apple.com/en-us/HT206167	Trust: 0.8
title:	HT206167	url:	https://support.apple.com/ja-jp/HT206167	Trust: 0.8
title:	Apple OS X Carbon Fixes for arbitrary code execution vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60658	Trust: 0.6

sources: JVNDB: JVNDB-2016-001884 // CNNVD: CNNVD-201603-332

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1737	Trust: 2.9
db:	SECTRACK	id:	1035363	Trust: 1.1
db:	JVN	id:	JVNVU97668313	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001884	Trust: 0.8
db:	CNNVD	id:	CNNVD-201603-332	Trust: 0.7
db:	SECUNIA	id:	63459	Trust: 0.6
db:	ZDI	id:	ZDI-16-206	Trust: 0.3
db:	ZDI	id:	ZDI-16-205	Trust: 0.3
db:	ZDI	id:	ZDI-16-202	Trust: 0.3
db:	BID	id:	85056	Trust: 0.3
db:	VULHUB	id:	VHN-90556	Trust: 0.1
db:	PACKETSTORM	id:	136346	Trust: 0.1

sources: VULHUB: VHN-90556 // BID: 85056 // JVNDB: JVNDB-2016-001884 // PACKETSTORM: 136346 // CNNVD: CNNVD-201603-332 // NVD: CVE-2016-1737

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html	Trust: 1.7
url:	https://support.apple.com/ht206167	Trust: 1.1
url:	http://www.securitytracker.com/id/1035363	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1737	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97668313/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1737	Trust: 0.8
url:	https://support.apple.com/en-us/ht206167	Trust: 0.6
url:	http://secunia.com/advisories/63459	Trust: 0.6
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-202	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-205	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-206	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7551	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0777	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8659	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8035	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8472	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1819	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3195	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7499	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0801	Trust: 0.1
url:	http://www.apple.com/support/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8242	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8126	Trust: 0.1
url:	https://support.apple.com/kb/ht206171	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1732	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5312	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7942	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7500	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9495	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1734	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1740	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5334	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1733	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1736	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1735	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5333	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0802	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1738	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1737	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0973	Trust: 0.1

sources: VULHUB: VHN-90556 // BID: 85056 // JVNDB: JVNDB-2016-001884 // PACKETSTORM: 136346 // CNNVD: CNNVD-201603-332 // NVD: CVE-2016-1737

CREDITS

Proteas of Qihoo 360 Nirvan Team, Andrea Barisani and Andrej Rosano of Inverse Path, beist and ABH of BoB, Jeonghoon Shin@A.D.D, HappilyCoded, Ian Beer of Google Project Zero, sweetchip of Grayhash, Piotr Bania of Cisco Talos, Peter Pi, Juwei Lin , Matthe

Trust: 0.3

sources: BID: 85056

SOURCES

db:	VULHUB	id:	VHN-90556
db:	BID	id:	85056
db:	JVNDB	id:	JVNDB-2016-001884
db:	PACKETSTORM	id:	136346
db:	CNNVD	id:	CNNVD-201603-332
db:	NVD	id:	CVE-2016-1737

LAST UPDATE DATE

2025-04-13T20:36:03.928000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90556	date:	2016-12-03T00:00:00
db:	BID	id:	85056	date:	2016-07-05T21:57:00
db:	JVNDB	id:	JVNDB-2016-001884	date:	2016-03-28T00:00:00
db:	CNNVD	id:	CNNVD-201603-332	date:	2016-03-24T00:00:00
db:	NVD	id:	CVE-2016-1737	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90556	date:	2016-03-24T00:00:00
db:	BID	id:	85056	date:	2016-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-001884	date:	2016-03-28T00:00:00
db:	PACKETSTORM	id:	136346	date:	2016-03-22T15:18:02
db:	CNNVD	id:	CNNVD-201603-332	date:	2016-03-23T00:00:00
db:	NVD	id:	CVE-2016-1737	date:	2016-03-24T01:59:09.903