CVE-2015-5897

The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
applemac_os_x
𝑥
≤ 10.10.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://www.securitytracker.com/id/1033703
https://support.apple.com/HT205267
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://www.securitytracker.com/id/1033703
https://support.apple.com/HT205267