Executive Summary

Informations
Name CVE-2014-8835 First vendor Publication 2015-01-30
Vendor Cve Last vendor Modification 2017-09-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8835

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-19 Data Handling

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 2

Nessus® Vulnerability Scanner

Date Description
2015-01-29 Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_10_2.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote host is missing a Mac OS X update that fixes multiple security iss...
File : macosx_SecUpd2015-001.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
BID http://www.securityfocus.com/bid/71992
CONFIRM http://support.apple.com/HT204244
EXPLOIT-DB http://www.exploit-db.com/exploits/35742/
MISC http://packetstormsecurity.com/files/135701/OS-X-Sysmond-XPC-Type-Confusion-P...
https://code.google.com/p/google-security-research/issues/detail?id=121
SECTRACK http://www.securitytracker.com/id/1031650
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/100530

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2021-05-04 12:35:00
  • Multiple Updates
2021-04-22 01:42:38
  • Multiple Updates
2020-05-23 00:42:50
  • Multiple Updates
2017-09-08 09:23:14
  • Multiple Updates
2016-12-06 09:23:57
  • Multiple Updates
2015-11-23 21:25:17
  • Multiple Updates
2015-02-19 09:23:22
  • Multiple Updates
2015-02-06 09:23:04
  • Multiple Updates
2015-02-02 21:26:20
  • Multiple Updates
2015-01-30 17:22:56
  • First insertion