cvelistv5 - cve-2019-6232

▼	URL	Tags
	product-security@apple.com	https://support.apple.com/HT209605	Vendor Advisory

▼	Vendor	Product
	Apple	iCloud for Windows

var-201912-0815

Vulnerability from variot

A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple iCloud for Windows is a cloud service based on the Windows platform of Apple (Apple), which supports the storage of music, photos, Apps and contacts. An attacker could exploit this vulnerability to execute arbitrary code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

iCloud for Windows 7.11 is now available and addresses the following:

CoreCrypto Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-6232: Stefan Kanthak (eskamation.de)

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8506: Samuel Groß of Google Project Zero

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6201: dwfault working with ADLab of Venustech CVE-2019-8518: Samuel Groß of Google Project Zero CVE-2019-8523: Apple CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8558: Samuel Groß of Google Project Zero CVE-2019-8559: Apple CVE-2019-8563: Apple

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cross-origin issue existed with the fetch API. CVE-2019-8515: James Lee (@Windowsrcer)

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8536: Apple CVE-2019-8544: an anonymous researcher

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-7285: dwfault working at ADLab of Venustech CVE-2019-8556: Apple

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A validation issue was addressed with improved logic. CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

WebKit Available for: Windows 7 and later Impact: A malicious website may be able to execute scripts in the context of another website Description: A logic issue was addressed with improved validation. CVE-2019-8503: Linus Särud of Detectify

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-6236: Stefan Kanthak (eskamation.de)

Additional recognition

Safari We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance.

WebKit We would like to acknowledge Andrey Kovalev of Yandex Security Team for their assistance.

Installation note:

iCloud for Windows 7.11 may be obtained from: https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7spHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FvIRAA msR75UH21iTYcw51dCCfBKSvthsplmLy/4hXwdD975Qk23H6nPRH+0CDQf1E+y3C KmWHZafHoUjfyu28MH5bJcYV9LZ2cTNZ+88f7EKNAH7Ox5MfzEyCO5EtA7Q9F/1W HbMBS7HmWPTFPREI5HzNrilhvV6GvOkql/7Wsp9a6miOJ4QO7oHcLc1YZB9Vh25B xiQJZeJ443DKfJKeWVOL3qVyL3xqGUB0rN3LFIWrFpybfuMyuNwle6lwQvcy0ulK FBCmj1MNlsep0dQHdA/jaR3UYWcNBOTieAh7QTsdOsa+64cTrJtQOqhAtI7ffu3k c+v84wO9URzosbXZEmQgw9lKDd8k+o2qy13QNULsIf0KKeNdhKwNq1EzvvDF0z/a OMot5r1l1ufhKd9SHPJZ1ouXz5d5zx3hjGMMhCxINVKfa26ZEqlRW5ST/vtxwL0v Q8SsfefyowWTimnt+Wl52ErwNgyS/ejTgGRzmrR1zlIVBk2eczwTlMd4bmHYMTHu NHhIZl9CA6Amnb+YIWT55h/ghpj1P/HGdAcmMo844GfZGrHhG9vMjpvb7uP3+gsA sxN5p3YK6FtH3w3LmpEX6e5D3xt1JV3GjfrwzI8HCDZ4B7BXW9oCTqYBO1fjlD+U 5JiM2QuX58lIYitvAxfgAoWjU79AAZ9omZS4Q4D+n3Q= =0QP2 -----END PGP SIGNATURE-----=

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0815",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.11"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 7.11 earlier"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.2 earlier"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.9.4 for windows earlier"
      },
      {
        "model": "macos high sierra",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(security update 2019-002 not applied )"
      },
      {
        "model": "macos mojave",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.14.4 earlier"
      },
      {
        "model": "macos sierra",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(security update 2019-002 not applied )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.1 earlier"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.2 earlier"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.2 earlier"
      },
      {
        "model": "xcode",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.2 earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6232"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6232"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple,Stefan Kanthak (eskamation.de)",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-939"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6232",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-157667",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-6232",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201903-939",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157667",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157667"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6232"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-939"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Cross-site scripting * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution * Arbitrary command execution * Memory corruption. Apple iCloud for Windows is a cloud service based on the Windows platform of Apple (Apple), which supports the storage of music, photos, Apps and contacts. An attacker could exploit this vulnerability to execute arbitrary code. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-3-25-6 iCloud for Windows 7.11\n\niCloud for Windows 7.11 is now available and addresses the following:\n\nCoreCrypto\nAvailable for: Windows 7 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-6232: Stefan Kanthak (eskamation.de)\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2019-8506: Samuel Gro\u00df of Google Project Zero\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2019-6201: dwfault working with ADLab of Venustech\nCVE-2019-8518: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8523: Apple\nCVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative\nCVE-2019-8558: Samuel Gro\u00df of Google Project Zero\nCVE-2019-8559: Apple\nCVE-2019-8563: Apple\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cross-origin issue existed with the fetch API. \nCVE-2019-8515: James Lee (@Windowsrcer)\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8536: Apple\nCVE-2019-8544: an anonymous researcher\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-7285: dwfault working at ADLab of Venustech\nCVE-2019-8556: Apple\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: A malicious website may be able to execute scripts in the\ncontext of another website\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-8503: Linus S\u00e4rud of Detectify\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-6236: Stefan Kanthak (eskamation.de)\n\nAdditional recognition\n\nSafari\nWe would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs\n(payatu.com) for their assistance. \n\nWebKit\nWe would like to acknowledge Andrey Kovalev of Yandex Security Team\nfor their assistance. \n\nInstallation note:\n\niCloud for Windows 7.11 may be obtained from:\nhttps://support.apple.com/HT204283\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7spHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FvIRAA\nmsR75UH21iTYcw51dCCfBKSvthsplmLy/4hXwdD975Qk23H6nPRH+0CDQf1E+y3C\nKmWHZafHoUjfyu28MH5bJcYV9LZ2cTNZ+88f7EKNAH7Ox5MfzEyCO5EtA7Q9F/1W\nHbMBS7HmWPTFPREI5HzNrilhvV6GvOkql/7Wsp9a6miOJ4QO7oHcLc1YZB9Vh25B\nxiQJZeJ443DKfJKeWVOL3qVyL3xqGUB0rN3LFIWrFpybfuMyuNwle6lwQvcy0ulK\nFBCmj1MNlsep0dQHdA/jaR3UYWcNBOTieAh7QTsdOsa+64cTrJtQOqhAtI7ffu3k\nc+v84wO9URzosbXZEmQgw9lKDd8k+o2qy13QNULsIf0KKeNdhKwNq1EzvvDF0z/a\nOMot5r1l1ufhKd9SHPJZ1ouXz5d5zx3hjGMMhCxINVKfa26ZEqlRW5ST/vtxwL0v\nQ8SsfefyowWTimnt+Wl52ErwNgyS/ejTgGRzmrR1zlIVBk2eczwTlMd4bmHYMTHu\nNHhIZl9CA6Amnb+YIWT55h/ghpj1P/HGdAcmMo844GfZGrHhG9vMjpvb7uP3+gsA\nsxN5p3YK6FtH3w3LmpEX6e5D3xt1JV3GjfrwzI8HCDZ4B7BXW9oCTqYBO1fjlD+U\n5JiM2QuX58lIYitvAxfgAoWjU79AAZ9omZS4Q4D+n3Q=\n=0QP2\n-----END PGP SIGNATURE-----=\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157667"
      },
      {
        "db": "PACKETSTORM",
        "id": "152228"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6232",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU93236010",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-939",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152228",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0986",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-157667",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "PACKETSTORM",
        "id": "152228"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6232"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-939"
      }
    ]
  },
  "id": "VAR-201912-0815",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157667"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:51:27.821000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "About the security content of iCloud for Windows 7.11",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209605"
      },
      {
        "title": "About the security content of watchOS 5.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209602"
      },
      {
        "title": "About the security content of iOS 12.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209599"
      },
      {
        "title": "About the security content of Xcode 10.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209606"
      },
      {
        "title": "About the security content of tvOS 12.2",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209601"
      },
      {
        "title": "About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209600"
      },
      {
        "title": "About the security content of Safari 12.1",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209603"
      },
      {
        "title": "About the security content of iTunes 12.9.4 for Windows",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht209604"
      },
      {
        "title": "Apple iCloud for Windows Repair measures for competitive conditions",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90384"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-939"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157667"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6232"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht209605"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6232"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8558"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8559"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6236"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8563"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8556"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6232"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8520"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8561"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6236"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8522"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8562"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6239"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8526"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8563"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8556"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8507"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8533"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8565"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8555"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8508"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8537"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8567"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8553"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8510"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8554"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8513"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8558"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6207"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8519"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8559"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93236010/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8553"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8513"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6207"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8519"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8520"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8561"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8522"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8562"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6239"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8526"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8565"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8507"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8533"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8567"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8508"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8537"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8555"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8510"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8554"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht209605"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/77790"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152228/apple-security-advisory-2019-3-25-6.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht209605"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht204283"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6201"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7285"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8518"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8506"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8523"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8536"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8542"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8503"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8535"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8515"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8551"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "PACKETSTORM",
        "id": "152228"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6232"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-939"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-157667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "db": "PACKETSTORM",
        "id": "152228"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6232"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-939"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157667"
      },
      {
        "date": "2019-03-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "date": "2019-03-26T14:43:31",
        "db": "PACKETSTORM",
        "id": "152228"
      },
      {
        "date": "2019-12-18T18:15:21.207000",
        "db": "NVD",
        "id": "CVE-2019-6232"
      },
      {
        "date": "2019-03-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-939"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157667"
      },
      {
        "date": "2020-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      },
      {
        "date": "2019-12-21T14:29:43.723000",
        "db": "NVD",
        "id": "CVE-2019-6232"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-939"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-939"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Updates to product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001923"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-939"
      }
    ],
    "trust": 0.6
  }
}

gsd-2019-6232

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.

Aliases

CVE-2019-6232

Aliases

CVE-2019-6232

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6232",
    "description": "A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.",
    "id": "GSD-2019-6232"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6232"
      ],
      "details": "A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.",
      "id": "GSD-2019-6232",
      "modified": "2023-12-13T01:23:49.411879Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2019-6232",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iCloud for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iCloud for Windows 7.11"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Running the iTunes installer in an untrusted directory may result in arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT209605",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT209605"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2019-6232"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT209605",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT209605"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-12-21T14:29Z",
      "publishedDate": "2019-12-18T18:15Z"
    }
  }
}

ghsa-mgvm-678f-6rwc

Vulnerability from github

Published

2022-05-24 17:04

Modified

2022-05-24 17:04

Details

A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6232"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-18T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.",
  "id": "GHSA-mgvm-678f-6rwc",
  "modified": "2022-05-24T17:04:06Z",
  "published": "2022-05-24T17:04:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6232"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT209605"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Action not permitted

cve-2019-6232

Vulnerability from cvelistv5

var-201912-0815

Vulnerability from variot

gsd-2019-6232

Vulnerability from gsd

ghsa-mgvm-678f-6rwc

Vulnerability from github

Tags