Lucene search

[email protected]CVE-2015-7007

HistoryOct 23, 2015 - 9:59 p.m.

CVE-2015-7007

2015-10-2321:59:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2015-7007

script editor

apple os x

remote attack

bypass

user-confirmation

applescript

security vulnerability

nvd

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%

JSON

Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.

CPENameOperatorVersion
apple:mac_os_xapple mac os xle10.11.0

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	le	10.11.0

References

lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

packetstormsecurity.com/files/134072/Safari-User-Assisted-Applescript-Exec-Attack.html

www.rapid7.com/db/modules/exploit/osx/browser/safari_user_assisted_applescript_exec

support.apple.com/HT205375

www.exploit-db.com/exploits/38535/

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%

JSON

Related for CVE-2015-7007

saint4 zdt1 packetstorm1 prion1 openvas1 securityvulns2 nessus2