var-201508-0428
Vulnerability from variot
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. Versions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. in the United States. Office Viewer is one of the ActiveX components for displaying and interacting with Microsoft Office files. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following:
Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to compromise of user information Description: Multiple input validation issues existed in parsing a maliciously crafted document. These issues were addressed through improved input validation. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. CVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)
Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted document. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7033 : Felix Groebert of the Google Security Team
Pages Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted Pages document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted Pages document. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7034 : Felix Groebert of the Google Security Team
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may be obtained from the App Store.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE 9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd 5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6 DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1 Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i /3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi ikrC4CqPxEcf3lk6bXKi =Zci4 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0428",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "keynote",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.5"
},
{
"model": "iwork",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "2.5.4"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "pages",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "5.5.3"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "8.4"
},
{
"model": "numbers",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "3.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.4"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (ipod touch first 5 after generation )"
},
{
"model": "iwork",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for ios 2.6 (ios 8.4 or later )"
},
{
"model": "keynote",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.6 (ios 8.4 or later )"
},
{
"model": "keynote",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "numbers",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.6 (ios 8.4 or later )"
},
{
"model": "numbers",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.6 (ios 8.4 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "8.4"
},
{
"model": "iwork",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.5.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "numbers",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.5"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.5.3"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.72"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
}
],
"sources": [
{
"db": "BID",
"id": "76343"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:iwork",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:keynote",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:numbers",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:pages",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple, TaiG Jailbreak Team, Michal Zalewski, John Villamil (@day6reak) from Yahoo Pentest Team, Ilja van Sprundel, Ian Beer of Google Project Zero, Frank Graziano of the Yahoo Pentest Team, Lufeng Li of Qihoo 360, Mathew Rowley, Bruno Morisson of INTEGRIT S.A.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
],
"trust": 0.6
},
"cve": "CVE-2015-3784",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-3784",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-81745",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3784",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-3784",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-324",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81745",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. \nAttackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. \nVersions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. in the United States. Office Viewer is one of the ActiveX components for displaying and interacting with Microsoft Office files. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and\niWork for iOS 2.6\n\nKeynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now\navailable which address the following:\n\nKeynote, Pages, and Numbers\nAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later\nImpact: Opening a maliciously crafted document may lead to\ncompromise of user information\nDescription: Multiple input validation issues existed in parsing a\nmaliciously crafted document. These issues were addressed through\nimproved input validation. \nCVE-ID\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. \nCVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach\n(@ITSecurityguard)\n\nKeynote, Pages, and Numbers\nAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later\nImpact: Opening a maliciously crafted document may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in parsing a\nmaliciously crafted document. This issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-7033 : Felix Groebert of the Google Security Team\n\nPages\nAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later\nImpact: Opening a maliciously crafted Pages document may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in parsing a\nmaliciously crafted Pages document. This issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-7034 : Felix Groebert of the Google Security Team\n\nKeynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may\nbe obtained from the App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G\nLDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE\n9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l\nieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I\nPtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd\n5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX\nUyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6\nDY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI\nxjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1\nHn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i\n/3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi\nikrC4CqPxEcf3lk6bXKi\n=Zci4\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3784"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "BID",
"id": "76343"
},
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "PACKETSTORM",
"id": "133995"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3784",
"trust": 2.9
},
{
"db": "BID",
"id": "76343",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1033275",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94440136",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92655282",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "133995",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-81745",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "BID",
"id": "76343"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
}
]
},
"id": "VAR-201508-0428",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81745"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:28:22.329000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"title": "APPLE-SA-2015-08-13-3 iOS 8.4.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"title": "HT205373",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205373"
},
{
"title": "HT205030",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT205030"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT205031"
},
{
"title": "HT205373",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT205373"
},
{
"title": "HT205030",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT205030"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT205031"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/76343"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht205030"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht205031"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht205373"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033275"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3784"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94440136/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92655282/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3784"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht205221"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7034"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7033"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "BID",
"id": "76343"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "BID",
"id": "76343"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-81745"
},
{
"date": "2015-08-13T00:00:00",
"db": "BID",
"id": "76343"
},
{
"date": "2015-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"date": "2015-10-16T01:45:00",
"db": "PACKETSTORM",
"id": "133995"
},
{
"date": "2015-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-324"
},
{
"date": "2015-08-16T23:59:56.923000",
"db": "NVD",
"id": "CVE-2015-3784"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-81745"
},
{
"date": "2016-07-06T13:27:00",
"db": "BID",
"id": "76343"
},
{
"date": "2015-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"date": "2015-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-324"
},
{
"date": "2024-11-21T02:29:50.950000",
"db": "NVD",
"id": "CVE-2015-3784"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS and OS X of Office Viewer Vulnerable to reading arbitrary files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…