XML External Entity (XXE) Vulnerability in Apple OS X Text Formats

XML External Entity (XXE) Vulnerability in Apple OS X Text Formats

CVE-2015-3762 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Learn more about our External Network Penetration Testing.