ID CVE-2016-4612
Summary ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
References
Vulnerable Configurations
CVSS
Base: None (as of 26-07-2016 - 16:51)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_11_6.NASL
    description The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.6. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - Audio - bsdiff - CFNetwork - CoreGraphics - FaceTime - Graphics Drivers - ImageIO - Intel Graphics Driver - IOHIDFamily - IOKit - IOSurface - Kernel - libc++abi - libexpat - LibreSSL - libxml2 - libxslt - Login Window - OpenSSL - QuickTime - Safari Login AutoFill - Sandbox Profiles Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 92496
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92496
    title Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities
  • NASL family Misc.
    NASL id APPLETV_9_2_2.NASL
    description According to its banner, the version of the remote Apple TV device is prior to 9.2.2. It is, therefore, affected by multiple vulnerabilities in the following components : - CoreGraphics - ImageIO - IOAcceleratorFamily - IOHIDFamily - Kernel - libxml2 - libxslt - Sandbox Profiles - WebKit - WebKit Page Loading Note that only 4th generation models are affected by the vulnerabilities.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 92494
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92494
    title Apple TV < 9.2.2 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2016-004.NASL
    description The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-004. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php (affects 10.10.5 only) - CoreGraphics - ImageIO - libxml2 - libxslt Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 92497
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92497
    title Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004)
  • NASL family Windows
    NASL id ITUNES_12_4_2.NASL
    description The version of Apple iTunes installed on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist in the libxslt component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1684, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612) - Multiple memory corruption issues exist in the libxml2 component that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4483, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619) - An XXE (Xml eXternal Entity) injection vulnerability exists in the libxml2 component due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote attacker can exploit this, via a specially crafted XML file, to disclose arbitrary files and user information. (CVE-2016-4449) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 92410
    published 2016-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92410
    title Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_12_4_2_BANNER.NASL
    description The version of Apple iTunes running on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist in the libxslt component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1684, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612) - Multiple memory corruption issues exist in the libxml2 component that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4483, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619) - An XXE (Xml eXternal Entity) injection vulnerability exists in the libxml2 component due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote attacker can exploit this, via a specially crafted XML file, to disclose arbitrary files and user information. (CVE-2016-4449) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 92411
    published 2016-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92411
    title Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check)
refmap via4
apple
  • APPLE-SA-2016-07-18-1
  • APPLE-SA-2016-07-18-2
  • APPLE-SA-2016-07-18-3
  • APPLE-SA-2016-07-18-4
  • APPLE-SA-2016-07-18-6
bid 91826
confirm
Last major update 28-11-2016 - 15:19
Published 21-07-2016 - 22:59
Last modified 07-06-2017 - 21:29
Back to Top