VAR-201601-0145
Vulnerability from variot - Updated: 2025-04-13 23:03Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 tag in MP3 data in a movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7117. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ID3 version tags in MP3 files. By providing a malformed TXXX frame, an attacker can cause data to be written past the end of an allocated heap buffer. An attacker could leverage this to execute arbitrary code under the context of the current user. Failed exploit attempts will likely result in denial of service conditions. Versions prior to QuickTime 7.7.9 are vulnerable. NOTE: This issue was previously discussed in BID 80020 (Apple QuickTime APPLE-SA-2016-01-07-1 Multiple Memory Corruption Vulnerabilities), but has been given its own record to better document it. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-01-07-1 QuickTime 7.7.9
[Re-sending with a valid signature]
QuickTime 7.7.9 is now available and addresses the following:
QuickTime Available for: Windows 7 and Windows Vista Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7085 : an anonymous researcher CVE-2015-7086 : an anonymous researcher CVE-2015-7087 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-7088 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-7089 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-7090 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-7091 : Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security CVE-2015-7092 : Jaanus Kp Clarified Security working with HP's Zero Day Initiative CVE-2015-7117 : Ryan Pentney and Richard Johnson of Cisco Talos
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWjxMiAAoJEBcWfLTuOo7t16wP/RNhjITSBZmBDZP61IOjKARD 5v69y+LkXLDNPlUkpB15Qjq3HDvZnFDwl3RSlZgAlQDO/GSqqWBnhsAEdO+5AAR1 LZqlVdERGHeeyfpuQ85waxf18O1dbg+R6SwM74SYRBXPujGQk9yT326I0X/EdXON 8upmGfzv8HvPsg712ei5YK8bumxsCh/LqM6TpA6oMF/bltaIbZ/OO3LNovZn9GQc 9taWVwP707FIjnJ7yKHzHnp6fH+79tqi5Dl0uZ7D446c7+B5ehPE7aUd29XqFrpE tgJzSDu2ZuVIz9RpC8Np+Bn8CSKqD6Kao7M5x4CVLWmpIYUpGKTIItUhvtXJ1jFY CyXXgse54w2ZG6hWE2gTmIvyn4/qVaSi8vlguEuk6IvA6kZeLdrc097OMPMPHlN/ I8T2A04Oj6rUsllf2uZih42nwve6CYpC9mh9/HLz0O+m0ue/L9HwIoto87OCmfi3 2RwyAoBLjMZUoOMLr9DjlQglQnTnNY8LjjZKRr9ug5V/tN8F051NeILDDj2vSf0q PI5JHoBD2LnJcxU+XI1JM/9amCYwBHjd94fcSp7H9BkdIzYshW4Deooc58EnjxVv 5hlwMIqqk2m911TsOjNpkVuysABoIB8hX3el3py4V+3sLoM5cVYa+FNS7+FGzG47 UJ/4c68fdMRAbGx4KfoW =ERtQ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0145",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.8"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7.9 (windows 7/windows vista)"
},
{
"model": "quicktime",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.7.8"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.7.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.7.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.64.17.73"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.7.9"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-002"
},
{
"db": "BID",
"id": "80170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006715"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-163"
},
{
"db": "NVD",
"id": "CVE-2015-7092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:quicktime",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006715"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jaanus Kp - Clarified Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-002"
}
],
"trust": 0.7
},
"cve": "CVE-2015-7092",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-7092",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7092",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-85053",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2015-7092",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7092",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7092",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2015-7092",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-163",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85053",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-002"
},
{
"db": "VULHUB",
"id": "VHN-85053"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006715"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-163"
},
{
"db": "NVD",
"id": "CVE-2015-7092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 tag in MP3 data in a movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7117. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of ID3 version tags in MP3 files. By providing a malformed TXXX frame, an attacker can cause data to be written past the end of an allocated heap buffer. An attacker could leverage this to execute arbitrary code under the context of the current user. Failed exploit attempts will likely result in denial of service conditions. \nVersions prior to QuickTime 7.7.9 are vulnerable. \nNOTE: This issue was previously discussed in BID 80020 (Apple QuickTime APPLE-SA-2016-01-07-1 Multiple Memory Corruption Vulnerabilities), but has been given its own record to better document it. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-01-07-1 QuickTime 7.7.9\n\n[Re-sending with a valid signature]\n\nQuickTime 7.7.9 is now available and addresses the following:\n\nQuickTime\nAvailable for: Windows 7 and Windows Vista\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in QuickTime. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-7085 : an anonymous researcher\nCVE-2015-7086 : an anonymous researcher\nCVE-2015-7087 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-7088 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-7089 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-7090 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-7091 : Pedro Ribeiro (pedrib@gmail.com) of Agile Information\nSecurity\nCVE-2015-7092 : Jaanus Kp Clarified Security working with HP\u0027s Zero\nDay Initiative\nCVE-2015-7117 : Ryan Pentney and Richard Johnson of Cisco Talos\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJWjxMiAAoJEBcWfLTuOo7t16wP/RNhjITSBZmBDZP61IOjKARD\n5v69y+LkXLDNPlUkpB15Qjq3HDvZnFDwl3RSlZgAlQDO/GSqqWBnhsAEdO+5AAR1\nLZqlVdERGHeeyfpuQ85waxf18O1dbg+R6SwM74SYRBXPujGQk9yT326I0X/EdXON\n8upmGfzv8HvPsg712ei5YK8bumxsCh/LqM6TpA6oMF/bltaIbZ/OO3LNovZn9GQc\n9taWVwP707FIjnJ7yKHzHnp6fH+79tqi5Dl0uZ7D446c7+B5ehPE7aUd29XqFrpE\ntgJzSDu2ZuVIz9RpC8Np+Bn8CSKqD6Kao7M5x4CVLWmpIYUpGKTIItUhvtXJ1jFY\nCyXXgse54w2ZG6hWE2gTmIvyn4/qVaSi8vlguEuk6IvA6kZeLdrc097OMPMPHlN/\nI8T2A04Oj6rUsllf2uZih42nwve6CYpC9mh9/HLz0O+m0ue/L9HwIoto87OCmfi3\n2RwyAoBLjMZUoOMLr9DjlQglQnTnNY8LjjZKRr9ug5V/tN8F051NeILDDj2vSf0q\nPI5JHoBD2LnJcxU+XI1JM/9amCYwBHjd94fcSp7H9BkdIzYshW4Deooc58EnjxVv\n5hlwMIqqk2m911TsOjNpkVuysABoIB8hX3el3py4V+3sLoM5cVYa+FNS7+FGzG47\nUJ/4c68fdMRAbGx4KfoW\n=ERtQ\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7092"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006715"
},
{
"db": "ZDI",
"id": "ZDI-16-002"
},
{
"db": "BID",
"id": "80170"
},
{
"db": "VULHUB",
"id": "VHN-85053"
},
{
"db": "PACKETSTORM",
"id": "135183"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7092",
"trust": 3.6
},
{
"db": "ZDI",
"id": "ZDI-16-002",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1034610",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006715",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3337",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201601-163",
"trust": 0.7
},
{
"db": "BID",
"id": "80170",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-85053",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135183",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-002"
},
{
"db": "VULHUB",
"id": "VHN-85053"
},
{
"db": "BID",
"id": "80170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006715"
},
{
"db": "PACKETSTORM",
"id": "135183"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-163"
},
{
"db": "NVD",
"id": "CVE-2015-7092"
}
]
},
"id": "VAR-201601-0145",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85053"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:03:24.585000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT205638",
"trust": 1.5,
"url": "https://support.apple.com/en-us/HT205638"
},
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-01-07-1 QuickTime 7.7.9",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00000.html"
},
{
"title": "HT205638",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT205638"
},
{
"title": "Apple QuickTime Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59517"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-002"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006715"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-163"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85053"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006715"
},
{
"db": "NVD",
"id": "CVE-2015-7092"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jan/msg00000.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht205638"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-002/"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034610"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7092"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7092"
},
{
"trust": 0.7,
"url": "https://support.apple.com/en-us/ht205638"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7087"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7089"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7117"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7090"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7085"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-002"
},
{
"db": "VULHUB",
"id": "VHN-85053"
},
{
"db": "BID",
"id": "80170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006715"
},
{
"db": "PACKETSTORM",
"id": "135183"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-163"
},
{
"db": "NVD",
"id": "CVE-2015-7092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-002"
},
{
"db": "VULHUB",
"id": "VHN-85053"
},
{
"db": "BID",
"id": "80170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006715"
},
{
"db": "PACKETSTORM",
"id": "135183"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-163"
},
{
"db": "NVD",
"id": "CVE-2015-7092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-08T00:00:00",
"db": "ZDI",
"id": "ZDI-16-002"
},
{
"date": "2016-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-85053"
},
{
"date": "2016-01-07T00:00:00",
"db": "BID",
"id": "80170"
},
{
"date": "2016-01-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006715"
},
{
"date": "2016-01-08T15:15:28",
"db": "PACKETSTORM",
"id": "135183"
},
{
"date": "2016-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-163"
},
{
"date": "2016-01-09T02:59:08.767000",
"db": "NVD",
"id": "CVE-2015-7092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-08T00:00:00",
"db": "ZDI",
"id": "ZDI-16-002"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-85053"
},
{
"date": "2016-01-07T00:00:00",
"db": "BID",
"id": "80170"
},
{
"date": "2016-01-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006715"
},
{
"date": "2016-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-163"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-7092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-163"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006715"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-163"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…