Vulnerabilities > CVE-2015-7007 - Unspecified vulnerability in Apple mac OS X

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
apple
nessus
exploit available
metasploit
NVD
Published: 2015-10-23
Updated: 2016-12-24

Summary

Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.

Vulnerable Configurations

Part Description Count
OS
Apple
93

Exploit-Db

descriptionSafari User-Assisted Applescript Exec Attack. CVE-2015-7007. Remote exploit for osx platform
fileexploits/osx/remote/38535.rb
idEDB-ID:38535
last seen2016-02-04
modified2015-10-26
platformosx
port
published2015-10-26
reportermetasploit
sourcehttps://www.exploit-db.com/download/38535/
titleSafari User-Assisted Applescript Exec Attack
typeremote

Metasploit

descriptionIn versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key keypress event, a user can be tricked into running arbitrary Applescript code. Gatekeeper should be disabled from Security & Privacy in order to avoid the unidentified Developer prompt.
idMSF:EXPLOIT/OSX/BROWSER/SAFARI_USER_ASSISTED_APPLESCRIPT_EXEC
last seen2020-06-01
modified2017-07-24
published2015-10-22
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/osx/browser/safari_user_assisted_applescript_exec.rb
titleSafari User-Assisted Applescript Exec Attack

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_10_11_1.NASL
descriptionThe remote host is running a version of Mac OS X that is 10.9.5 or later but prior to 10.11.1 It is, therefore, affected by multiple vulnerabilities in the following components : - Accelerate Framework (CVE-2015-5940) - apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838) - ATS (CVE-2015-6985) - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003) - Bom (CVE-2015-7006) - CFNetwork (CVE-2015-7023) - configd (CVE-2015-7015) - CoreGraphics (CVE-2015-5925, CVE-2015-5926) - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017) - Directory Utility (CVE-2015-6980) - Disk Images (CVE-2015-6995) - EFI (CVE-2015-7035) - File Bookmark (CVE-2015-6987) - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018) - Grand Central Dispatch (CVE-2015-6989) - Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021) - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939) - IOAcceleratorFamily (CVE-2015-6996) - IOHIDFamily (CVE-2015-6974) - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994) - libarchive (CVE-2015-6984) - MCX Application Restrictions (CVE-2015-7016) - Net-SNMP (CVE-2014-3565, CVE-2012-6151) - OpenGL (CVE-2015-5924) - OpenSSH (CVE-2015-6563) - Sandbox (CVE-2015-5945) - Script Editor (CVE-2015-7007) - Security (CVE-2015-6983, CVE-2015-7024) - SecurityAgent (CVE-2015-5943) Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen2020-06-01
modified2020-06-02
plugin id86654
published2015-10-29
reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/86654
titleMac OS X < 10.11.1 Multiple Vulnerabilities

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/134072/safari_user_assisted_applescript_exec.rb.txt
idPACKETSTORM:134072
last seen2016-12-05
published2015-10-23
reporterjoev
sourcehttps://packetstormsecurity.com/files/134072/Safari-User-Assisted-Applescript-Exec-Attack.html
titleSafari User-Assisted Applescript Exec Attack

Saint

bid77266
descriptionSafari Script Editor AppleScript execution
idmisc_macosx_version
titlesafari_script_editor_exec
typeclient

References