ID CVE-2014-4376
Summary IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments. <a href="http://cwe.mitre.org/data/definitions/476.html" target="_blank">CWE-476: NULL Pointer Dereference</a>
References
Vulnerable Configurations
  • cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 29-08-2017 - 01:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 69906
confirm http://support.apple.com/kb/HT6443
misc https://code.google.com/p/google-security-research/issues/detail?id=31
sectrack 1030868
xf macosx-cve20144376-code-exec(96051)
Last major update 29-08-2017 - 01:34
Published 19-09-2014 - 10:55
Back to Top