CVE-2017-7015

{"id": "CVE-2017-7015", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-07-20T16:29:00.580", "references": [{"url": "http://www.securityfocus.com/bid/99882", "tags": ["VDB Entry", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id/1038951", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT207922", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Audio\" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted audio file."}, {"lang": "es", "value": "Se detect\u00f3 un problema en ciertos productos de Apple. MacOS anterior a la versi\u00f3n 10.12.6 est\u00e1 afectado. El problema involucra el componente \"Audio\". Permite a los atacantes remotos obtener informaci\u00f3n confidencial de la memoria de proceso o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de un archivo de audio creado"}], "lastModified": "2017-07-24T17:00:49.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EDF6EA0-1304-4C8E-B5C7-7C05A4008934", "versionEndIncluding": "10.12.5"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}