CVE-2015-3784 - OpenCVE

Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Keynote Numbers Iwork Pages Mac Os X

Configuration 1 [-]

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:apple:numbers:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:apple:pages:*:*:*:*:*:*:*:*

Configuration 6 [-]

cpe:2.3:a:apple:iwork:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html	Vendor Advisory
http://www.securityfocus.com/bid/76343
http://www.securitytracker.com/id/1033275
https://support.apple.com/HT205373	Vendor Advisory
https://support.apple.com/kb/HT205030	Vendor Advisory
https://support.apple.com/kb/HT205031	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2015-08-16T23:00:00

Updated: 2016-12-22T18:57:01

Reserved: 2015-05-07T00:00:00

Link: CVE-2015-3784

JSON object: View

NVD Information

Status : Modified

Published: 2015-08-16T23:59:56.923

Modified: 2016-12-24T02:59:15.057

Link: CVE-2015-3784

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-13T00:00:00", "descriptions": [{"lang": "en", "value": "Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-22T18:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT205030"}, {"name": "1033275", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033275"}, {"name": "APPLE-SA-2015-08-13-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "APPLE-SA-2015-08-13-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"}, {"name": "APPLE-SA-2015-10-15-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT205031"}, {"name": "76343", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76343"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT205373"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2015-3784", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/kb/HT205030", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT205030"}, {"name": "1033275", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033275"}, {"name": "APPLE-SA-2015-08-13-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "APPLE-SA-2015-08-13-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"}, {"name": "APPLE-SA-2015-10-15-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"}, {"name": "https://support.apple.com/kb/HT205031", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT205031"}, {"name": "76343", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76343"}, {"name": "https://support.apple.com/HT205373", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205373"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2015-3784", "datePublished": "2015-08-16T23:00:00", "dateReserved": "2015-05-07T00:00:00", "dateUpdated": "2016-12-22T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906", "versionEndIncluding": "10.10.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D52ECBD-7375-4FC9-BE05-2354EEA1332F", "versionEndIncluding": "8.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:numbers:*:*:*:*:*:*:*:*", "matchCriteriaId": "10874393-972D-434A-A4D8-958BBE93B19A", "versionEndIncluding": "3.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:*", "matchCriteriaId": "A76A2649-1CD1-4F36-9C0B-5B47CDCB55CB", "versionEndIncluding": "6.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:pages:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE816C24-5B72-4913-8BB2-A30730631937", "versionEndIncluding": "5.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:iwork:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6D18EAE-3E40-4E8B-8276-6A96B7874DDD", "versionEndIncluding": "2.5.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}, {"lang": "es", "value": "Vulnerabilidad en Office Viewer en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de un documento XML que contiene una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad, relacionada con un problema de entidad externa XML (XXE)."}], "id": "CVE-2015-3784", "lastModified": "2016-12-24T02:59:15.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-16T23:59:56.923", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/76343"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1033275"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT205373"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT205030"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT205031"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}