Lucene search

AppleCVE-2015-3668

HistoryJul 03, 2015 - 1:59 a.m.

CVE-2015-3668

2015-07-0301:59:26

CWE-119

apple

web.nvd.nist.gov

cve-2015-3668

qt media foundation

apple quicktime

remote attack

arbitrary code execution

denial of service

memory corruption

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.2

Confidence

High

EPSS

0.527

Percentile

97.7%

JSON

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, and CVE-2015-3667.

Affected configurations

Nvd

Node

applemac_os_xRange≤10.10.3

Node

applequicktimeRange≤7.7.6

VendorProductVersionCPE
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
applequicktime*cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::
apple	quicktime	*	cpe:2.3:a:apple:quicktime::::::::

References

lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

lists.apple.com/archives/security-announce/2015/Jun/msg00005.html

support.apple.com/kb/HT204942

support.apple.com/kb/HT204947

www.securityfocus.com/bid/75493

www.securitytracker.com/id/1032756

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.2

Confidence

High

EPSS

0.527

Percentile

97.7%

JSON

Related for CVE-2015-3668