Vulnerability-Lookup

CVE-2017-7035 (GCVE-0-2017-7035)

Vulnerability from cvelistv5 – Published: 2017-07-20 16:00 – Updated: 2024-08-05 15:49

Summary

Severity

No CVSS data available.

CWE

Assigner

apple

References

3 references

URL	Tags
http://www.securitytracker.com/id/1038951	vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99882	vdb-entryx_refsource_BID
https://support.apple.com/HT207922	x_refsource_CONFIRM

Date Public

2017-07-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:49:02.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038951",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038951"
          },
          {
            "name": "99882",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99882"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207922"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-21T09:57:01.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "1038951",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038951"
        },
        {
          "name": "99882",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99882"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207922"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-7035",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038951",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038951"
            },
            {
              "name": "99882",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99882"
            },
            {
              "name": "https://support.apple.com/HT207922",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207922"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2017-7035",
    "datePublished": "2017-07-20T16:00:00.000Z",
    "dateReserved": "2017-03-17T00:00:00.000Z",
    "dateUpdated": "2024-08-05T15:49:02.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-7035",
      "date": "2026-05-29",
      "epss": "0.00423",
      "percentile": "0.6239"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.12.5\", \"matchCriteriaId\": \"6EDF6EA0-1304-4C8E-B5C7-7C05A4008934\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \\\"Intel Graphics Driver\\\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en ciertos productos de Apple. MacOS anterior a la versi\\u00f3n 10.12.6 est\\u00e1 afectado. El problema involucra el componente \\\"Intel Graphics Driver\\\". Permite a los atacantes ejecutar c\\u00f3digo arbitrario en un contexto privilegiado o causar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) por medio de una aplicaci\\u00f3n creada.\"}]",
      "id": "CVE-2017-7035",
      "lastModified": "2024-11-21T03:31:01.330",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-07-20T16:29:01.270",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/99882\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038951\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT207922\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99882\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038951\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT207922\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-7035\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-07-20T16:29:01.270\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \\\"Intel Graphics Driver\\\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en ciertos productos de Apple. MacOS anterior a la versi\u00f3n 10.12.6 est\u00e1 afectado. El problema involucra el componente \\\"Intel Graphics Driver\\\". Permite a los atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de una aplicaci\u00f3n creada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.12.5\",\"matchCriteriaId\":\"6EDF6EA0-1304-4C8E-B5C7-7C05A4008934\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99882\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038951\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT207922\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038951\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT207922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2017-AVI-229

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 3.2.3
Apple	N/A	Yosemite sans le correctif de sécurité 2017-003
Apple	N/A	iCloud pour Windows versions antérieures à 6.2.2
Apple	Safari	Safari versions antérieures à 10.1.2
Apple	macOS	macOS Sierra verions antérieures à 10.12.6
Apple	N/A	iTunes pour Windows versions antérieures à 12.6.2
Apple	N/A	El Capitan sans le correctif de sécurité 2017-003
Apple	N/A	tvOS versions antérieures à 10.2.2
Apple	N/A	iOS versions antérieures à 10.3.3

References

Title

Publication Time

CERTFR-2017-AVI-229

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 3.2.3
Apple	N/A	Yosemite sans le correctif de sécurité 2017-003
Apple	N/A	iCloud pour Windows versions antérieures à 6.2.2
Apple	Safari	Safari versions antérieures à 10.1.2
Apple	macOS	macOS Sierra verions antérieures à 10.12.6
Apple	N/A	iTunes pour Windows versions antérieures à 12.6.2
Apple	N/A	El Capitan sans le correctif de sécurité 2017-003
Apple	N/A	tvOS versions antérieures à 10.2.2
Apple	N/A	iOS versions antérieures à 10.3.3

References

Title

Publication Time

CNVD-2017-17206

Vulnerability from cnvd - Published: 2017-07-28

Title

Apple macOS Sierra Intel Graphics Driver内存破坏漏洞（CNVD-2017-17206）

Description

Apple macOS Sierra是美国苹果（Apple）公司为Mac计算机所开发的一套专用操作系统。Intel Graphics Driver是其中的一个显卡驱动。 Apple macOS Sierra 10.12.6之前的版本中的Intel Graphics Driver组件存在内存破坏漏洞。攻击者可借助特制的应用程序利用该漏洞以系统权限执行任意代码或造成拒绝服务（内存破坏）。

Severity

高

Patch Name

Apple macOS Sierra Intel Graphics Driver内存破坏漏洞（CNVD-2017-17206）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://support.apple.com/zh-cn/HT207922

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-7035

Impacted products

Name
Apple macOS <10.12.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7035"
    }
  },
  "description": "Apple macOS Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Intel Graphics Driver\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u663e\u5361\u9a71\u52a8\u3002\r\n\r\nApple macOS Sierra 10.12.6\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Intel Graphics Driver\u7ec4\u4ef6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\uff09\u3002",
  "discovererName": "\u5947\u864e 360 Nirvan Team \u7684 shrek_wzw",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://support.apple.com/zh-cn/HT207922",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-17206",
  "openTime": "2017-07-28",
  "patchDescription": "Apple macOS Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Intel Graphics Driver\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u663e\u5361\u9a71\u52a8\u3002\r\n\r\nApple macOS Sierra 10.12.6\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Intel Graphics Driver\u7ec4\u4ef6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS Sierra Intel Graphics Driver\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-17206\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Apple macOS \u003c10.12.6"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-7035",
  "serverity": "\u9ad8",
  "submitTime": "2017-07-21",
  "title": "Apple macOS Sierra Intel Graphics Driver\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-17206\uff09"
}

FKIE_CVE-2017-7035

Vulnerability from fkie_nvd - Published: 2017-07-20 16:29 - Updated: 2026-05-13 00:24

Severity

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://www.securityfocus.com/bid/99882	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1038951	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT207922	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99882	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038951	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207922	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EDF6EA0-1304-4C8E-B5C7-7C05A4008934",
              "versionEndIncluding": "10.12.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en ciertos productos de Apple. MacOS anterior a la versi\u00f3n 10.12.6 est\u00e1 afectado. El problema involucra el componente \"Intel Graphics Driver\". Permite a los atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de una aplicaci\u00f3n creada."
    }
  ],
  "id": "CVE-2017-7035",
  "lastModified": "2026-05-13T00:24:29.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-20T16:29:01.270",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99882"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038951"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207922"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2WWC-PMG9-2F8M

Vulnerability from github – Published: 2022-05-17 02:27 – Updated: 2022-05-17 02:27

Details

Severity

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-7035"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-20T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",
  "id": "GHSA-2wwc-pmg9-2f8m",
  "modified": "2022-05-17T02:27:13Z",
  "published": "2022-05-17T02:27:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7035"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207922"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99882"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038951"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-7035

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-7035

Aliases

CVE-2017-7035

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-7035",
    "description": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",
    "id": "GSD-2017-7035"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-7035"
      ],
      "details": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",
      "id": "GSD-2017-7035",
      "modified": "2023-12-13T01:21:06.303864Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2017-7035",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038951",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038951"
          },
          {
            "name": "99882",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99882"
          },
          {
            "name": "https://support.apple.com/HT207922",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207922"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.12.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-7035"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT207922",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207922"
            },
            {
              "name": "1038951",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038951"
            },
            {
              "name": "99882",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99882"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-07-24T13:48Z",
      "publishedDate": "2017-07-20T16:29Z"
    }
  }
}

VAR-201707-1193

Vulnerability from variot - Updated: 2023-12-18 11:16

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2017-07-19-2 macOS 10.12.6

macOS 10.12.6 is now available and addresses the following:

afclip Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7016: riusksk (ae3aY=) of Tencent Security Platform Department

afclip Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7033: riusksk (ae3aY=) of Tencent Security Platform Department

AppleGraphicsPowerManagement Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7021: sss and Axis of Qihoo 360 Nirvan Team

Audio Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7050: Min (Spark) Zheng of Alibaba Inc. CVE-2017-7054: Lufeng Li of Qihoo 360 Vulcan Team, Alex Plaskett of MWR InfoSecurity

Contacts Available for: macOS Sierra 10.12.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-7062: Shashank (@cyberboyIndia)

CoreAudio Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved bounds checking. CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team

curl Available for: macOS Sierra 10.12.5 Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to version 7.54.0. CVE-2016-9586 CVE-2016-9594 CVE-2017-2629 CVE-2017-7468

Foundation Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7014: Axis and sss of Qihoo 360 Nirvan Team, Lee of Minionz CVE-2017-7017: chenqin of Ant-financial Light-Year Security Lab (eeeaea*'ae-aa1'a(r)a"a(r)eaa(r)$?) CVE-2017-7035: shrek_wzw of Qihoo 360 Nirvan Team CVE-2017-7044: shrek_wzw of Qihoo 360 Nirvan Team

Intel Graphics Driver Available for: macOS Sierra 10.12.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7036: shrek_wzw of Qihoo 360 Nirvan Team CVE-2017-7045: shrek_wzw of Qihoo 360 Nirvan Team

IOUSBFamily Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team

Kernel Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7022: an anonymous researcher CVE-2017-7024: an anonymous researcher

Kernel Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7026: an anonymous researcher

Kernel Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7028: an anonymous researcher CVE-2017-7029: an anonymous researcher CVE-2017-7067: shrek_wzw of Qihoo 360 Nirvan Team

kext tools Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7032: Axis and sss of Qihoo 360 Nirvan Team

libarchive Available for: macOS Sierra 10.12.5 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-7068: found by OSS-Fuzz

libxml2 Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-7047: Ian Beer of Google Project Zero

Wi-Fi Available for: macOS Sierra 10.12.5 Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

Additional recognition

curl We would like to acknowledge Dave Murdock of Tangerine Element for their assistance.

Installation note:

macOS 10.12.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGe3QP/2EYqCofq3zbIdr8qyzqkFea S7TLjRwnRulKBO4/Cj4Qfkc5wp8g4gd6qs0SjpfHIMw5XWwwGSxtljQ+zPhd8Zie AtwDPcjNpNKzcdgs1guEUwkv9gLgDbS6xbCUEnld00lURTAWxtMEP3Ue5chaJMn7 GpYQx8ZDZ15D8cjbtvIYHjmhTEutiqWB0EAcEvuM3ov54oC7qlu7vpXzevcLw9j6 YwZZJz2MSIlhpQh466qBr1Eay+EdTF69D0F18Jlpx9M+QejpHBLy08vk3UypXkqs Jjf/FmqrSuSZrPwU+WOYaps6AvZ+pDMnJIBuWDw1BaI5hrx3KA8eyGSlzedTM7DG r+myZHjIt4EOuSK6rOyZnmTLJM7/gWOm4CpPPbyDNd10nJm5oDWuZnqMlBcC4X/8 99ks/lXKbxtwTVL4AHDb0+rKJ2N9Try5togURREkAC5cI/97+zKzQ9Qobu4iC8MN Yo9dwDDP77vxANrGAUbEJSAWBR+tkLJw1jIJhIXeb/Hhayw4J02qo6RzO9bMotcx RhsNAr3ZN/REBBzinUR13o605W7I3ktRZlc1K8aVQqj4doRLCUAw0TJXs2/4pkKI hdueKoFsS66nbgoThU6VmAkyPfYubvJuDEaZ5wzS1CZOHZSr2Hy5//YfY9UhRcBu RN8FF9CraIvShvn0urgd =wnAu -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1193",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "apple",
        "version": "10.12.5"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.12.5"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "security update yosemite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2017-0030"
      },
      {
        "model": "security update el capitan",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2017-0030"
      },
      {
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99882"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005763"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-975"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.12.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7035"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Axis and sss of Qihoo 360 Nirvan Team, Lee of Minionz, riusksk, chenqin of Ant-financial Light-Year Security Lab, HappilyCoded (ant4g0nist and r3dsm0k3), shrek_wzw of Qihoo 360 Nirvan Team, Min (Spark) Zheng of Alibaba Inc, Lufeng Li of Qihoo 360 Vulcan Te",
    "sources": [
      {
        "db": "BID",
        "id": "99882"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7035",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-7035",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-115238",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-7035",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-7035",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-975",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115238",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115238"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005763"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-975"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code or  bypass security restrictions and  perform unauthorized actions. This may  aid  in further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-07-19-2 macOS 10.12.6\n\nmacOS 10.12.6 is now available and addresses the following:\n\nafclip\nAvailable for:  macOS Sierra 10.12.5\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-7016: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nafclip\nAvailable for:  macOS Sierra 10.12.5\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7033: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nAppleGraphicsPowerManagement\nAvailable for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7021: sss and Axis of Qihoo 360 Nirvan Team\n\nAudio\nAvailable for:  macOS Sierra 10.12.5\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7050: Min (Spark) Zheng of Alibaba Inc. \nCVE-2017-7054: Lufeng Li of Qihoo 360 Vulcan Team, Alex Plaskett of\nMWR InfoSecurity\n\nContacts\nAvailable for:  macOS Sierra 10.12.5\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-7062: Shashank (@cyberboyIndia)\n\nCoreAudio\nAvailable for:  macOS Sierra 10.12.5\nImpact: Processing a maliciously crafted movie file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nbounds checking. \nCVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\ncurl\nAvailable for:  macOS Sierra 10.12.5\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to version\n7.54.0. \nCVE-2016-9586\nCVE-2016-9594\nCVE-2017-2629\nCVE-2017-7468\n\nFoundation\nAvailable for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-7014: Axis and sss of Qihoo 360 Nirvan Team, Lee of Minionz\nCVE-2017-7017: chenqin of Ant-financial Light-Year Security Lab\n(eeeaea*\u0027ae-aa1\u0027a(r)a\"a(r)eaa(r)$?)\nCVE-2017-7035: shrek_wzw of Qihoo 360 Nirvan Team\nCVE-2017-7044: shrek_wzw of Qihoo 360 Nirvan Team\n\nIntel Graphics Driver\nAvailable for:  macOS Sierra 10.12.5\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-7036: shrek_wzw of Qihoo 360 Nirvan Team\nCVE-2017-7045: shrek_wzw of Qihoo 360 Nirvan Team\n\nIOUSBFamily\nAvailable for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7022: an anonymous researcher\nCVE-2017-7024: an anonymous researcher\n\nKernel\nAvailable for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7026: an anonymous researcher\n\nKernel\nAvailable for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-7028: an anonymous researcher\nCVE-2017-7029: an anonymous researcher\nCVE-2017-7067: shrek_wzw of Qihoo 360 Nirvan Team\n\nkext tools\nAvailable for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7032: Axis and sss of Qihoo 360 Nirvan Team\n\nlibarchive\nAvailable for:  macOS Sierra 10.12.5\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: A buffer overflow was addressed through improved bounds\nchecking. \nCVE-2017-7068: found by OSS-Fuzz\n\nlibxml2\nAvailable for:  macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2017-7047: Ian Beer of Google Project Zero\n\nWi-Fi\nAvailable for:  macOS Sierra 10.12.5\nImpact: An attacker within range may be able to execute arbitrary\ncode on the Wi-Fi chip\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-9417: Nitay Artenstein of Exodus Intelligence\n\nAdditional recognition\n\ncurl\nWe would like to acknowledge Dave Murdock of Tangerine Element for\ntheir assistance. \n\nInstallation note:\n\nmacOS 10.12.6 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGe3QP/2EYqCofq3zbIdr8qyzqkFea\nS7TLjRwnRulKBO4/Cj4Qfkc5wp8g4gd6qs0SjpfHIMw5XWwwGSxtljQ+zPhd8Zie\nAtwDPcjNpNKzcdgs1guEUwkv9gLgDbS6xbCUEnld00lURTAWxtMEP3Ue5chaJMn7\nGpYQx8ZDZ15D8cjbtvIYHjmhTEutiqWB0EAcEvuM3ov54oC7qlu7vpXzevcLw9j6\nYwZZJz2MSIlhpQh466qBr1Eay+EdTF69D0F18Jlpx9M+QejpHBLy08vk3UypXkqs\nJjf/FmqrSuSZrPwU+WOYaps6AvZ+pDMnJIBuWDw1BaI5hrx3KA8eyGSlzedTM7DG\nr+myZHjIt4EOuSK6rOyZnmTLJM7/gWOm4CpPPbyDNd10nJm5oDWuZnqMlBcC4X/8\n99ks/lXKbxtwTVL4AHDb0+rKJ2N9Try5togURREkAC5cI/97+zKzQ9Qobu4iC8MN\nYo9dwDDP77vxANrGAUbEJSAWBR+tkLJw1jIJhIXeb/Hhayw4J02qo6RzO9bMotcx\nRhsNAr3ZN/REBBzinUR13o605W7I3ktRZlc1K8aVQqj4doRLCUAw0TJXs2/4pkKI\nhdueKoFsS66nbgoThU6VmAkyPfYubvJuDEaZ5wzS1CZOHZSr2Hy5//YfY9UhRcBu\nRN8FF9CraIvShvn0urgd\n=wnAu\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005763"
      },
      {
        "db": "BID",
        "id": "99882"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115238"
      },
      {
        "db": "PACKETSTORM",
        "id": "143432"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7035",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "99882",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1038951",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91410779",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005763",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-975",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-115238",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143432",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115238"
      },
      {
        "db": "BID",
        "id": "99882"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005763"
      },
      {
        "db": "PACKETSTORM",
        "id": "143432"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-975"
      }
    ]
  },
  "id": "VAR-201707-1193",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115238"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:16:55.572000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "HT207922",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207922"
      },
      {
        "title": "HT207922",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207922"
      },
      {
        "title": "Apple macOS Sierra Intel Graphics Driver Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71917"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-975"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115238"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005763"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7035"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht207922"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/99882"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038951"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7035"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7035"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91410779/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9586"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7009"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7025"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7028"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7029"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7024"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9594"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7031"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2629"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7016"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7008"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7032"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7047"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7033"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7023"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7045"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7015"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115238"
      },
      {
        "db": "BID",
        "id": "99882"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005763"
      },
      {
        "db": "PACKETSTORM",
        "id": "143432"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-975"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115238"
      },
      {
        "db": "BID",
        "id": "99882"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005763"
      },
      {
        "db": "PACKETSTORM",
        "id": "143432"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-975"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115238"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "BID",
        "id": "99882"
      },
      {
        "date": "2017-08-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005763"
      },
      {
        "date": "2017-07-20T18:32:22",
        "db": "PACKETSTORM",
        "id": "143432"
      },
      {
        "date": "2017-07-20T16:29:01.270000",
        "db": "NVD",
        "id": "CVE-2017-7035"
      },
      {
        "date": "2017-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-975"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115238"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "BID",
        "id": "99882"
      },
      {
        "date": "2017-08-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005763"
      },
      {
        "date": "2017-07-24T13:48:45.630000",
        "db": "NVD",
        "id": "CVE-2017-7035"
      },
      {
        "date": "2017-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-975"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-975"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple macOS of  Intel Graphics Driver Component vulnerable to arbitrary code execution in privileged context",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005763"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-975"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-7035 (GCVE-0-2017-7035)

CERTFR-2017-AVI-229

Solution

CERTFR-2017-AVI-229

Solution

CNVD-2017-17206

FKIE_CVE-2017-7035

GHSA-2WWC-PMG9-2F8M

GSD-2017-7035

VAR-201707-1193

Tags

Sightings

Nomenclature