cnvd - cnvd-2017-34258

cnvd-2017-34258

Vulnerability from cnvd

Title

Apple macOS Sierra内存破坏漏洞（CNVD-2017-34258）

Description

Apple macOS High Sierra是美国苹果（Apple）公司的一套专为Mac计算机所开发的专用操作系统。Quick Look是其中的一个文件快速查找预览组件。 Apple macOS High Sierra 10.13.1之前的版本中的Quick Look组件存在安全漏洞。远程攻击者可借助特制的Office文档利用该漏洞执行任意代码或造成拒绝服务（内存消耗和应用程序意外终止）。

Severity

高

Patch Name

Apple macOS Sierra内存破坏漏洞（CNVD-2017-34258）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT208221

Reference

https://support.apple.com/en-us/HT208221

Impacted products

Name
Apple macOS High Sierra <10.13.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7132"
    }
  },
  "description": "Apple macOS High Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Quick Look\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6587\u4ef6\u5feb\u901f\u67e5\u627e\u9884\u89c8\u7ec4\u4ef6\u3002\r\n\r\nApple macOS High Sierra 10.13.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Quick Look\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684Office\u6587\u6863\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u6d88\u8017\u548c\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\uff09\u3002",
  "discovererName": "\u6fb3\u5927\u5229\u4e9a\u7f51\u7edc\u5b89\u5168\u4e2d\u5fc3 \u2013 \u6fb3\u5927\u5229\u4e9a\u4fe1\u53f7\u7406\u4e8b\u4f1a",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT208221",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34258",
  "openTime": "2017-11-17",
  "patchDescription": "Apple macOS High Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Quick Look\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6587\u4ef6\u5feb\u901f\u67e5\u627e\u9884\u89c8\u7ec4\u4ef6\u3002\r\n\r\nApple macOS High Sierra 10.13.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Quick Look\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684Office\u6587\u6863\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u6d88\u8017\u548c\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS Sierra\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-34258\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Apple macOS High Sierra \u003c10.13.1"
  },
  "referenceLink": "https://support.apple.com/en-us/HT208221",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-01",
  "title": "Apple macOS Sierra\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-34258\uff09"
}

CVE-2017-7132 (GCVE-0-2017-7132)

Vulnerability from cvelistv5

Published

2017-11-13 03:00

Modified

2024-08-05 15:49

Severity ?

CWE

Summary

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document.

References

URL

Tags

	https://support.apple.com/HT208221	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039710	vdb-entry, x_refsource_SECTRACK