{
"id": "CVE-2014-4459",
"sourceIdentifier": "product-security@apple.com",
"published": "2014-11-18T11:59:06.747",
"lastModified": "2019-07-16T12:22:39.063",
"vulnStatus": "Analyzed",
"evaluatorComment": "CWE-416: Use After Free\n\nPer an Apple Security Advisory Apple TV before 7.0.3 was also vulnerable.\nPer an Apple Security Advisory Apple iOS before 8.1.3 was also vulnerable.\nPer an Apple Security Advisory Apple Safari before versions 8.0.1, 7.1.1 and 6.2.1 were also vulnerable.\n\nThese product additions are reflected in the vulnerable configuration.",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document."
},
{
"lang": "es",
"value": "Una vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en WebKit, usado en Apple OS X anterior a 10.10.1, permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de objetos de p\u00e1gina en un documento HTML."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0",
"versionEndExcluding": "6.2.1",
"matchCriteriaId": "848C5E8F-340F-463F-91A6-AB75CA4E6E68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0",
"versionEndExcluding": "7.1.1",
"matchCriteriaId": "DDDE5EF4-7915-4943-AA99-72DF69286739"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndExcluding": "8.0.1",
"matchCriteriaId": "8FA0AB84-C050-42CD-BFA1-EA2B70C774A9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.10.1",
"matchCriteriaId": "915153E7-23A1-4214-B59A-7CF71D3ED765"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1.3",
"matchCriteriaId": "6422B418-EC35-4757-9D8F-66920733970D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.2",
"matchCriteriaId": "76E53E3D-DDAE-4716-B851-92884CBAF0E2"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.3",
"matchCriteriaId": "882872DC-9FE2-4FE8-AD5D-C14BBB2CAC3A"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html",
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://support.apple.com/HT204245",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://support.apple.com/HT204246",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://support.apple.com/kb/HT6596",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/71144",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1031230",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98784",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://support.apple.com/en-us/HT204419",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT6591",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT204949",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}