Sign-up

ID

VAR-201607-0344


CVE

CVE-2016-4600


TITLE

Apple OS X of QuickTime Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-004010

DESCRIPTION

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. QuickTime is one of the multimedia playback components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following: apache_mod_php Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4621 : an anonymous researcher libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900 OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2016-4600 // JVNDB: JVNDB-2016-004010 // BID: 91824 // VULHUB: VHN-93419 // PACKETSTORM: 137958

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.11.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.11 and later

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.11.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.6

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2016

Trust: 0.3

sources: BID: 91824 // JVNDB: JVNDB-2016-004010 // NVD: CVE-2016-4600 // CNNVD: CNNVD-201607-862

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-4600
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201607-862
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93419
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2016-4600
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-93419
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2016-4600
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-93419 // JVNDB: JVNDB-2016-004010 // NVD: CVE-2016-4600 // CNNVD: CNNVD-201607-862

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-93419 // JVNDB: JVNDB-2016-004010 // NVD: CVE-2016-4600

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-862

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201607-862

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-4600

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/ht201222
Trust: 0.8
title:APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004url:http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html
Trust: 0.8
title:HT206903url:https://support.apple.com/en-us/ht206903
Trust: 0.8
title:HT206903url:https://support.apple.com/ja-jp/ht206903
Trust: 0.8
title:Apple OS X QuickTime Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63222
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-004010 // 
            
            
            
            CNNVD: CNNVD-201607-862

EXTERNAL IDS
db:NVDid:CVE-2016-4600
Trust: 2.9
db:BIDid:91824
Trust: 1.4
db:SECTRACKid:1036348
Trust: 1.1
db:JVNid:JVNVU94844193
Trust: 0.8
db:JVNDBid:JVNDB-2016-004010
Trust: 0.8
db:CNNVDid:CNNVD-201607-862
Trust: 0.7
db:ZDIid:ZDI-16-496
Trust: 0.3
db:ZDIid:ZDI-16-437
Trust: 0.3
db:ZDIid:ZDI-16-431
Trust: 0.3
db:ZDIid:ZDI-16-435
Trust: 0.3
db:VULHUBid:VHN-93419
Trust: 0.1
db:PACKETSTORMid:137958
Trust: 0.1
sources:
            
            
            VULHUB: VHN-93419 // 
            
            
            
            BID: 91824 // 
            
            
            
            JVNDB: JVNDB-2016-004010 // 
            
            
            
            PACKETSTORM: 137958 // 
            
            
            
            NVD: CVE-2016-4600 // 
            
            
            
            CNNVD: CNNVD-201607-862

REFERENCES
url:http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html
Trust: 1.7
url:https://support.apple.com/ht206903
Trust: 1.7
url:http://www.securityfocus.com/bid/91824
Trust: 1.1
url:http://www.securitytracker.com/id/1036348
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4600
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94844193/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4600
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-431/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-435/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-437/
Trust: 0.3
url:apple os x acmp4aacbasedecoder out-of-bounds read information disclosure vulnerability
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-496/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-2107
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0718
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4599
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-2109
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4601
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-2106
Trust: 0.1
url:https://gpgtools.org
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4449
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4483
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1836
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4600
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1865
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4597
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4596
Trust: 0.1
url:http://www.apple.com/support/downloads/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4447
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1863
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4582
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-2108
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4595
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1864
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-9862
Trust: 0.1
url:http://support.apple.com/kb/ht201222
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4607
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-2105
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4448
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4598
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1684
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4602
Trust: 0.1
url:https://support.apple.com/kb/ht206900
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-2176
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4594
Trust: 0.1
sources:
            
            
            VULHUB: VHN-93419 // 
            
            
            
            BID: 91824 // 
            
            
            
            JVNDB: JVNDB-2016-004010 // 
            
            
            
            PACKETSTORM: 137958 // 
            
            
            
            NVD: CVE-2016-4600 // 
            
            
            
            CNNVD: CNNVD-201607-862

CREDITS
Jonathan Lewis from DeARX Services (PTY) LTD, Ke Liu of Tencent's Xuanwu Lab, Ian Beer of Google Project Zero, Tyler Bohan of Cisco Talos, Stefan Esser of SektionEins, Yubin Fu of Tencent KeenLab working with TrendMicro's Zero Day Initiative, Abhinav Bansa
Trust: 0.3
sources:
            
            
            BID: 91824

SOURCES
db:VULHUBid:VHN-93419
db:BIDid:91824
db:JVNDBid:JVNDB-2016-004010
db:PACKETSTORMid:137958
db:NVDid:CVE-2016-4600
db:CNNVDid:CNNVD-201607-862

LAST UPDATE DATE
2023-12-18T10:43:43.868000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-93419date:2017-09-01T00:00:00
db:BIDid:91824date:2016-08-29T19:00:00
db:JVNDBid:JVNDB-2016-004010date:2016-07-28T00:00:00
db:NVDid:CVE-2016-4600date:2017-09-01T01:29:24.773
db:CNNVDid:CNNVD-201607-862date:2016-07-26T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-93419date:2016-07-22T00:00:00
db:BIDid:91824date:2016-07-18T00:00:00
db:JVNDBid:JVNDB-2016-004010date:2016-07-28T00:00:00
db:PACKETSTORMid:137958date:2016-07-19T19:45:20
db:NVDid:CVE-2016-4600date:2016-07-22T02:59:23.990
db:CNNVDid:CNNVD-201607-862date:2016-07-26T00:00:00