Details of VAR-201504-0114

ID

VAR-201504-0114

CVE

CVE-2015-1098

TITLE

Apple iOS and Apple OS X of iWork Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-002134

DESCRIPTION

iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. Apple Mac OS X and iOS is prone to multiple security vulnerabilities. Attackers may exploit these issues to bypass certain security restrictions or execute arbitrary code in the context of the application. Failed exploit attempts may result in denial-of-service conditions. Apple iOS is an operating system developed by Apple for mobile devices. iWork is one of those office software suites. The following products and versions are affected: Apple iOS 8.2 and earlier, Apple OS X 10.8.5 and earlier, 10.9.5 and earlier, and 10.10.2 and earlier

Trust: 1.98

sources: NVD: CVE-2015-1098 // JVNDB: JVNDB-2015-002134 // BID: 73984 // VULHUB: VHN-79058

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.5	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 1.4
vendor:	apple	model:	iphone os	scope:	lt	version:	8.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.10.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10 to 10.10.2	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.2	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.2	Trust: 0.6
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 73984 // JVNDB: JVNDB-2015-002134 // CNNVD: CNNVD-201504-124 // NVD: CVE-2015-1098

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1098
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-1098
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-124
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-79058
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-1098
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-79058
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-1098
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-79058 // JVNDB: JVNDB-2015-002134 // CNNVD: CNNVD-201504-124 // NVD: CVE-2015-1098

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.1

sources: VULHUB: VHN-79058 // NVD: CVE-2015-1098

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-124

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201504-124

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002134

PATCH

title:	APPLE-SA-2015-04-08-3 iOS 8.3	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Trust: 0.8
title:	APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/en-us/HT204661	Trust: 0.8
title:	HT204659	url:	http://support.apple.com/en-us/HT204659	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/ja-jp/HT204661	Trust: 0.8
title:	HT204659	url:	http://support.apple.com/ja-jp/HT204659	Trust: 0.8
title:	OSXUpd10.10.3	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54848	Trust: 0.6
title:	iPhone7,1_8.3_12F70_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54847	Trust: 0.6
title:	AppleTV3,2_7.2_12F69_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54849	Trust: 0.6

sources: JVNDB: JVNDB-2015-002134 // CNNVD: CNNVD-201504-124

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1098	Trust: 2.8
db:	BID	id:	73984	Trust: 1.4
db:	SECTRACK	id:	1032048	Trust: 1.1
db:	JVN	id:	JVNVU91828320	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002134	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-124	Trust: 0.7
db:	VULHUB	id:	VHN-79058	Trust: 0.1

sources: VULHUB: VHN-79058 // BID: 73984 // JVNDB: JVNDB-2015-002134 // CNNVD: CNNVD-201504-124 // NVD: CVE-2015-1098

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html	Trust: 1.7
url:	https://support.apple.com/ht204659	Trust: 1.7
url:	https://support.apple.com/ht204661	Trust: 1.7
url:	http://www.securityfocus.com/bid/73984	Trust: 1.1
url:	http://www.securitytracker.com/id/1032048	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1098	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91828320/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1098	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3

sources: VULHUB: VHN-79058 // BID: 73984 // JVNDB: JVNDB-2015-002134 // CNNVD: CNNVD-201504-124 // NVD: CVE-2015-1098

CREDITS

Marc Schoenefeld, Christopher Hickstein, Luigi Galli, Diego Torres and Niklas Keller

Trust: 0.3

sources: BID: 73984

SOURCES

db:	VULHUB	id:	VHN-79058
db:	BID	id:	73984
db:	JVNDB	id:	JVNDB-2015-002134
db:	CNNVD	id:	CNNVD-201504-124
db:	NVD	id:	CVE-2015-1098

LAST UPDATE DATE

2024-11-23T20:17:05.642000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-79058	date:	2019-09-27T00:00:00
db:	BID	id:	73984	date:	2015-07-15T00:04:00
db:	JVNDB	id:	JVNDB-2015-002134	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-124	date:	2019-04-01T00:00:00
db:	NVD	id:	CVE-2015-1098	date:	2024-11-21T02:24:39.943

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-79058	date:	2015-04-10T00:00:00
db:	BID	id:	73984	date:	2015-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002134	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-124	date:	2015-04-13T00:00:00
db:	NVD	id:	CVE-2015-1098	date:	2015-04-10T14:59:14.500