cvelistv5 - CVE-2017-2361

CVE-2017-2361 (GCVE-0-2017-2361)

Vulnerability from cvelistv5

Published

2017-02-20 08:35

Modified

2024-08-05 13:48

Severity ?

CWE

Summary

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201702-0875

Vulnerability from variot

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code, to obtain sensitive information or cause a denial-of-service condition. Help Viewer is one of the WebKit-based HTML viewers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2017-01-23-2 macOS 10.12.3

macOS 10.12.3 is now available and addresses the following:

apache_mod_php Available for: macOS Sierra 10.12.2 Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 5.6.28. CVE-2016-8670 CVE-2016-9933 CVE-2016-9934

Bluetooth Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2353: Ian Beer of Google Project Zero

Graphics Drivers Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2361: lokihardt of Google Project Zero

IOAudioFamily Available for: macOS Sierra 10.12.2 Impact: An application may be able to determine kernel memory layout Description: An uninitialized memory issue was addressed through improved memory management. CVE-2017-2357: Team Pangu and lokihardt at PwnFest 2016

Kernel Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2370: Ian Beer of Google Project Zero

Kernel Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2360: Ian Beer of Google Project Zero

libarchive Available for: macOS Sierra 10.12.2 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2016-8687: Agostino Sarubbo of Gentoo

Vim Available for: macOS Sierra 10.12.2 Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An input validation issue existed in modelines. This was addressed through improved input validation. CVE-2016-1248: Florian Larysch

WebKit Available for: macOS Sierra 10.12.2 Impact: A malicious website can open popups Description: An issue existed in the handling of blocking popups. This was addressed through improved input validation. CVE-2017-2371: lokihardt of Google Project Zero

macOS 10.12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGymIQAMx3h6pTb1SLTCY4H4hUwQf2 tBd4osjrM7eX9kDBJXw9U3S5STs7Qyaiqjc+E3XvGXaeYQhZHurNEy+4HEaS2ctQ toj0S/meE1bhJ79SKnRuEso0dG2coYAMY4CMWZpF5haEPISunMDrmitIDX6BU8ds LhIvflT044wXzFsPbUfIMqG1a+1SHGoM3K0J61U6NU7dCSwyYmSGKH/0CTLuezy9 HOiPQJxvWVmfKVBZsYcaBp67AI5948LHdvat3gRq9WpgWpjUFjW/tLSbvZObaIjn +I3JkVZ9ETuXa+ig42h+CJTz/CozqlC1OpX1YLJLMh4h5+kY9PNwh1kcsv+8jKxo cbPNatn2uzoigRTWuhCe4Tic6kgri+3c8qR+ZPspNpUyLmentjpbygrkOKVLlNnG HmV0YIWA+zp4TVgeMnqoEPTHF9kxxhBSPOjgyL2oYwpMHyXb2gmho7Xl9gQirw5T Nyaoup4A7eT9jR5FBcAvhPPm5I+J44qEKB/D9hvWcQLGf1PR9/zxVd5QxlJZgm9u loqWBNhPAqD36SPIOsIbkcjAaBKsrEAV01AizkMrhrN1KySscXeZeZ84p4nJusdD M7bFysYMv7fvNe65V4I2Tc2iujqiPHsXdLRioAWSk7giNRggQtaM8s/C0KYtrJdK ykSG8JpyNuTNAl1HJtv6 =pBIh -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0875",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ian Beer of Google Project Zero, Team Pangu and lokihardt at PwnFest 2016, lokihardt of Google Project Zero,",
    "sources": [
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-2361",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-2361",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-110564",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-2361",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2361",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-2361",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-455",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110564",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-2361",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Help Viewer\" component, which allows XSS attacks via a crafted web site. Apple macOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site,  execute arbitrary code, to obtain sensitive information or cause a  denial-of-service condition. Help Viewer is one of the WebKit-based HTML viewers. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-01-23-2 macOS 10.12.3\n\nmacOS 10.12.3 is now available and addresses the following:\n\napache_mod_php\nAvailable for:  macOS Sierra 10.12.2\nImpact: Multiple issues in PHP\nDescription: Multiple issues were addressed by updating to PHP\nversion 5.6.28. \nCVE-2016-8670\nCVE-2016-9933\nCVE-2016-9934\n\nBluetooth\nAvailable for:  macOS Sierra 10.12.2\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2353: Ian Beer of Google Project Zero\n\nGraphics Drivers\nAvailable for:  macOS Sierra 10.12.2\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2361: lokihardt of Google Project Zero\n\nIOAudioFamily\nAvailable for:  macOS Sierra 10.12.2\nImpact: An application may be able to determine kernel memory layout\nDescription: An uninitialized memory issue was addressed through\nimproved memory management. \nCVE-2017-2357: Team Pangu and lokihardt at PwnFest 2016\n\nKernel\nAvailable for:  macOS Sierra 10.12.2\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-2370: Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  macOS Sierra 10.12.2\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2360: Ian Beer of Google Project Zero\n\nlibarchive\nAvailable for:  macOS Sierra 10.12.2\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2016-8687: Agostino Sarubbo of Gentoo\n\nVim\nAvailable for:  macOS Sierra 10.12.2\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An input validation issue existed in modelines. This was\naddressed through improved input validation. \nCVE-2016-1248: Florian Larysch\n\nWebKit\nAvailable for:  macOS Sierra 10.12.2\nImpact: A malicious website can open popups\nDescription: An issue existed in the handling of blocking popups. \nThis was addressed through improved input validation. \nCVE-2017-2371: lokihardt of Google Project Zero\n\nmacOS 10.12.3 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGymIQAMx3h6pTb1SLTCY4H4hUwQf2\ntBd4osjrM7eX9kDBJXw9U3S5STs7Qyaiqjc+E3XvGXaeYQhZHurNEy+4HEaS2ctQ\ntoj0S/meE1bhJ79SKnRuEso0dG2coYAMY4CMWZpF5haEPISunMDrmitIDX6BU8ds\nLhIvflT044wXzFsPbUfIMqG1a+1SHGoM3K0J61U6NU7dCSwyYmSGKH/0CTLuezy9\nHOiPQJxvWVmfKVBZsYcaBp67AI5948LHdvat3gRq9WpgWpjUFjW/tLSbvZObaIjn\n+I3JkVZ9ETuXa+ig42h+CJTz/CozqlC1OpX1YLJLMh4h5+kY9PNwh1kcsv+8jKxo\ncbPNatn2uzoigRTWuhCe4Tic6kgri+3c8qR+ZPspNpUyLmentjpbygrkOKVLlNnG\nHmV0YIWA+zp4TVgeMnqoEPTHF9kxxhBSPOjgyL2oYwpMHyXb2gmho7Xl9gQirw5T\nNyaoup4A7eT9jR5FBcAvhPPm5I+J44qEKB/D9hvWcQLGf1PR9/zxVd5QxlJZgm9u\nloqWBNhPAqD36SPIOsIbkcjAaBKsrEAV01AizkMrhrN1KySscXeZeZ84p4nJusdD\nM7bFysYMv7fvNe65V4I2Tc2iujqiPHsXdLRioAWSk7giNRggQtaM8s/C0KYtrJdK\nykSG8JpyNuTNAl1HJtv6\n=pBIh\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "PACKETSTORM",
        "id": "140687"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-110564",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41443",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2361",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "95723",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1037671",
        "trust": 1.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "41443",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU97915630",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "141283",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-92703",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-110564",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140687",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "PACKETSTORM",
        "id": "140687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "id": "VAR-201702-0875",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:38:39.624000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "APPLE-SA-2017-01-23-2 macOS 10.12.3",
        "trust": 0.8,
        "url": "https://lists.apple.com/archives/security-announce/2017/Jan/msg00003.html"
      },
      {
        "title": "HT207483",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT207483"
      },
      {
        "title": "HT207483",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT207483"
      },
      {
        "title": "Apple macOS Sierra Help Viewer Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67746"
      },
      {
        "title": "Check Point Security Alerts: Apple macOS Directory Traversal (CVE-2017-2361)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts\u0026qid=daae6f9354a17fe73878f5617e683f47"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/95723"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht207483"
      },
      {
        "trust": 1.3,
        "url": "https://www.exploit-db.com/exploits/41443/"
      },
      {
        "trust": 1.2,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1037671"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2361"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97915630/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-2361"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2017-1740.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9933"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2358"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2353"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9934"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8687"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2370"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2360"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2371"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1248"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "PACKETSTORM",
        "id": "140687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "PACKETSTORM",
        "id": "140687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "date": "2017-02-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "date": "2017-01-23T00:00:00",
        "db": "BID",
        "id": "95723"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "date": "2017-01-24T00:57:11",
        "db": "PACKETSTORM",
        "id": "140687"
      },
      {
        "date": "2017-01-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "date": "2017-02-20T08:59:05.010000",
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "date": "2017-09-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "date": "2017-02-02T01:00:00",
        "db": "BID",
        "id": "95723"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "date": "2017-03-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "date": "2024-11-21T03:23:22.070000",
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple macOS Cross-site scripting vulnerability in Help Viewer component",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2017-AVI-028

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	tvOS versions antérieures à 10.1.1
Apple	N/A	iTunes pour Windows versions antérieures à 12.5.5
Apple	N/A	iCloud pour Windows versions antérieures à 6.1.1
Apple	macOS	macOS Sierra versions antérieures à 10.12.3
Apple	Safari	Safari versions antérieures à 10.0.3
Apple	N/A	iOS versions antérieures à 10.2.1
Apple	N/A	watchOS versions antérieures à 3.1.3

References

Title

Publication Time

fkie_cve-2017-2361

Vulnerability from fkie_nvd

Published

2017-02-20 08:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.

References

URL	Tags
product-security@apple.com	http://www.securityfocus.com/bid/95723	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1037671
product-security@apple.com	https://bugs.chromium.org/p/project-zero/issues/detail?id=1040
product-security@apple.com	https://support.apple.com/HT207483	Vendor Advisory
product-security@apple.com	https://www.exploit-db.com/exploits/41443/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95723	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037671
af854a3a-2127-422b-91ae-364da2661108	https://bugs.chromium.org/p/project-zero/issues/detail?id=1040
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207483	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41443/

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06BE9BF5-8D87-4C42-96F6-065A088EAF9B",
              "versionEndIncluding": "10.12.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Help Viewer\" component, which allows XSS attacks via a crafted web site."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 est\u00e1 afectado. El problema involucra al componente \"Help Viewer\" que permite ataques de XSS a trav\u00e9s de un sito web manipulado."
    }
  ],
  "id": "CVE-2017-2361",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-20T08:59:05.010",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95723"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1037671"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207483"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://www.exploit-db.com/exploits/41443/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/41443/"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2017-01942

Vulnerability from cnvd

Title

Apple macOS Sierra Help Viewer跨站脚本漏洞

Description

Apple macOS Sierra是美国苹果（Apple）公司为Mac计算机所开发的一套专用操作系统。Help Viewer是其中的一个基于WebKit的HTML查看器。 Apple macOS Sierra中的Help Viewer存在跨站脚本漏洞。攻击者可借助特制的恶意Web内容利用漏洞执行任意代码。

Severity

中

Patch Name

Apple macOS Sierra Help Viewer跨站脚本漏洞的补丁

Patch Description

Apple macOS Sierra是美国苹果（Apple）公司为Mac计算机所开发的一套专用操作系统。Help Viewer是其中的一个基于WebKit的HTML查看器。 Apple macOS Sierra中的Help Viewer存在跨站脚本漏洞。攻击者可借助特制的恶意Web内容利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://support.apple.com/zh-cn/HT207483

Reference

http://www.securityfocus.com/bid/95723

Impacted products

Name
Apple MacOS 10.12.2

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95723"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2361",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2361"
    }
  },
  "description": "Apple macOS Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Help Viewer\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u57fa\u4e8eWebKit\u7684HTML\u67e5\u770b\u5668\u3002\r\n\r\nApple macOS Sierra\u4e2d\u7684Help Viewer\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6076\u610fWeb\u5185\u5bb9\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Ian Beer of Google Project Zero, Team Pangu and lokihardt at PwnFest 2016, lokihardt of Google Project Zero,",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT207483",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01942",
  "openTime": "2017-02-24",
  "patchDescription": "Apple macOS Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Help Viewer\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u57fa\u4e8eWebKit\u7684HTML\u67e5\u770b\u5668\u3002\r\n\r\nApple macOS Sierra\u4e2d\u7684Help Viewer\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6076\u610fWeb\u5185\u5bb9\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS Sierra Help Viewer\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple MacOS 10.12.2"
  },
  "referenceLink": "http://www.securityfocus.com/bid/95723",
  "serverity": "\u4e2d",
  "submitTime": "2017-02-16",
  "title": "Apple macOS Sierra Help Viewer\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

ghsa-xjfg-8p96-4jw7

Vulnerability from github

Published

2022-05-17 01:19

Modified

2025-04-20 03:33

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2361"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-20T08:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Help Viewer\" component, which allows XSS attacks via a crafted web site.",
  "id": "GHSA-xjfg-8p96-4jw7",
  "modified": "2025-04-20T03:33:14Z",
  "published": "2022-05-17T01:19:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2361"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207483"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41443"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95723"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2017-2361

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.

Aliases

CVE-2017-2361

Aliases

CVE-2017-2361

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2361",
    "description": "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Help Viewer\" component, which allows XSS attacks via a crafted web site.",
    "id": "GSD-2017-2361",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2017-2361"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2361"
      ],
      "details": "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Help Viewer\" component, which allows XSS attacks via a crafted web site.",
      "id": "GSD-2017-2361",
      "modified": "2023-12-13T01:21:06.163480Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2017-2361",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Help Viewer\" component, which allows XSS attacks via a crafted web site."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT207483",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207483"
          },
          {
            "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040",
            "refsource": "MISC",
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040"
          },
          {
            "name": "41443",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/41443/"
          },
          {
            "name": "1037671",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037671"
          },
          {
            "name": "95723",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95723"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.12.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-2361"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Help Viewer\" component, which allows XSS attacks via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT207483",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207483"
            },
            {
              "name": "95723",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95723"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040"
            },
            {
              "name": "1037671",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037671"
            },
            {
              "name": "41443",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/41443/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-09-01T01:29Z",
      "publishedDate": "2017-02-20T08:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-2361 (GCVE-0-2017-2361)

Vulnerability from cvelistv5

var-201702-0875

Vulnerability from variot

CERTFR-2017-AVI-028

Vulnerability from certfr_avis

Solution

fkie_cve-2017-2361

Vulnerability from fkie_nvd

cnvd-2017-01942

Vulnerability from cnvd

ghsa-xjfg-8p96-4jw7

Vulnerability from github

gsd-2017-2361

Vulnerability from gsd

Tags

Sightings

Nomenclature