var-201702-0875
Vulnerability from variot

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code, to obtain sensitive information or cause a denial-of-service condition. Help Viewer is one of the WebKit-based HTML viewers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2017-01-23-2 macOS 10.12.3

macOS 10.12.3 is now available and addresses the following:

apache_mod_php Available for: macOS Sierra 10.12.2 Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 5.6.28. CVE-2016-8670 CVE-2016-9933 CVE-2016-9934

Bluetooth Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2353: Ian Beer of Google Project Zero

Graphics Drivers Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2361: lokihardt of Google Project Zero

IOAudioFamily Available for: macOS Sierra 10.12.2 Impact: An application may be able to determine kernel memory layout Description: An uninitialized memory issue was addressed through improved memory management. CVE-2017-2357: Team Pangu and lokihardt at PwnFest 2016

Kernel Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2370: Ian Beer of Google Project Zero

Kernel Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2360: Ian Beer of Google Project Zero

libarchive Available for: macOS Sierra 10.12.2 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2016-8687: Agostino Sarubbo of Gentoo

Vim Available for: macOS Sierra 10.12.2 Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An input validation issue existed in modelines. This was addressed through improved input validation. CVE-2016-1248: Florian Larysch

WebKit Available for: macOS Sierra 10.12.2 Impact: A malicious website can open popups Description: An issue existed in the handling of blocking popups. This was addressed through improved input validation. CVE-2017-2371: lokihardt of Google Project Zero

macOS 10.12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGymIQAMx3h6pTb1SLTCY4H4hUwQf2 tBd4osjrM7eX9kDBJXw9U3S5STs7Qyaiqjc+E3XvGXaeYQhZHurNEy+4HEaS2ctQ toj0S/meE1bhJ79SKnRuEso0dG2coYAMY4CMWZpF5haEPISunMDrmitIDX6BU8ds LhIvflT044wXzFsPbUfIMqG1a+1SHGoM3K0J61U6NU7dCSwyYmSGKH/0CTLuezy9 HOiPQJxvWVmfKVBZsYcaBp67AI5948LHdvat3gRq9WpgWpjUFjW/tLSbvZObaIjn +I3JkVZ9ETuXa+ig42h+CJTz/CozqlC1OpX1YLJLMh4h5+kY9PNwh1kcsv+8jKxo cbPNatn2uzoigRTWuhCe4Tic6kgri+3c8qR+ZPspNpUyLmentjpbygrkOKVLlNnG HmV0YIWA+zp4TVgeMnqoEPTHF9kxxhBSPOjgyL2oYwpMHyXb2gmho7Xl9gQirw5T Nyaoup4A7eT9jR5FBcAvhPPm5I+J44qEKB/D9hvWcQLGf1PR9/zxVd5QxlJZgm9u loqWBNhPAqD36SPIOsIbkcjAaBKsrEAV01AizkMrhrN1KySscXeZeZ84p4nJusdD M7bFysYMv7fvNe65V4I2Tc2iujqiPHsXdLRioAWSk7giNRggQtaM8s/C0KYtrJdK ykSG8JpyNuTNAl1HJtv6 =pBIh -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0875",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ian Beer of Google Project Zero, Team Pangu and lokihardt at PwnFest 2016, lokihardt of Google Project Zero,",
    "sources": [
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-2361",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-2361",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-110564",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-2361",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2361",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-2361",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-455",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110564",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-2361",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Help Viewer\" component, which allows XSS attacks via a crafted web site. Apple macOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site,  execute arbitrary code, to obtain sensitive information or cause a  denial-of-service condition. Help Viewer is one of the WebKit-based HTML viewers. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-01-23-2 macOS 10.12.3\n\nmacOS 10.12.3 is now available and addresses the following:\n\napache_mod_php\nAvailable for:  macOS Sierra 10.12.2\nImpact: Multiple issues in PHP\nDescription: Multiple issues were addressed by updating to PHP\nversion 5.6.28. \nCVE-2016-8670\nCVE-2016-9933\nCVE-2016-9934\n\nBluetooth\nAvailable for:  macOS Sierra 10.12.2\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2353: Ian Beer of Google Project Zero\n\nGraphics Drivers\nAvailable for:  macOS Sierra 10.12.2\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2361: lokihardt of Google Project Zero\n\nIOAudioFamily\nAvailable for:  macOS Sierra 10.12.2\nImpact: An application may be able to determine kernel memory layout\nDescription: An uninitialized memory issue was addressed through\nimproved memory management. \nCVE-2017-2357: Team Pangu and lokihardt at PwnFest 2016\n\nKernel\nAvailable for:  macOS Sierra 10.12.2\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-2370: Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  macOS Sierra 10.12.2\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2360: Ian Beer of Google Project Zero\n\nlibarchive\nAvailable for:  macOS Sierra 10.12.2\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2016-8687: Agostino Sarubbo of Gentoo\n\nVim\nAvailable for:  macOS Sierra 10.12.2\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An input validation issue existed in modelines. This was\naddressed through improved input validation. \nCVE-2016-1248: Florian Larysch\n\nWebKit\nAvailable for:  macOS Sierra 10.12.2\nImpact: A malicious website can open popups\nDescription: An issue existed in the handling of blocking popups. \nThis was addressed through improved input validation. \nCVE-2017-2371: lokihardt of Google Project Zero\n\nmacOS 10.12.3 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGymIQAMx3h6pTb1SLTCY4H4hUwQf2\ntBd4osjrM7eX9kDBJXw9U3S5STs7Qyaiqjc+E3XvGXaeYQhZHurNEy+4HEaS2ctQ\ntoj0S/meE1bhJ79SKnRuEso0dG2coYAMY4CMWZpF5haEPISunMDrmitIDX6BU8ds\nLhIvflT044wXzFsPbUfIMqG1a+1SHGoM3K0J61U6NU7dCSwyYmSGKH/0CTLuezy9\nHOiPQJxvWVmfKVBZsYcaBp67AI5948LHdvat3gRq9WpgWpjUFjW/tLSbvZObaIjn\n+I3JkVZ9ETuXa+ig42h+CJTz/CozqlC1OpX1YLJLMh4h5+kY9PNwh1kcsv+8jKxo\ncbPNatn2uzoigRTWuhCe4Tic6kgri+3c8qR+ZPspNpUyLmentjpbygrkOKVLlNnG\nHmV0YIWA+zp4TVgeMnqoEPTHF9kxxhBSPOjgyL2oYwpMHyXb2gmho7Xl9gQirw5T\nNyaoup4A7eT9jR5FBcAvhPPm5I+J44qEKB/D9hvWcQLGf1PR9/zxVd5QxlJZgm9u\nloqWBNhPAqD36SPIOsIbkcjAaBKsrEAV01AizkMrhrN1KySscXeZeZ84p4nJusdD\nM7bFysYMv7fvNe65V4I2Tc2iujqiPHsXdLRioAWSk7giNRggQtaM8s/C0KYtrJdK\nykSG8JpyNuTNAl1HJtv6\n=pBIh\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "PACKETSTORM",
        "id": "140687"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-110564",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41443",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2361",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "95723",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1037671",
        "trust": 1.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "41443",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU97915630",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "141283",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-92703",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-110564",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140687",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "PACKETSTORM",
        "id": "140687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "id": "VAR-201702-0875",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:38:39.624000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "APPLE-SA-2017-01-23-2 macOS 10.12.3",
        "trust": 0.8,
        "url": "https://lists.apple.com/archives/security-announce/2017/Jan/msg00003.html"
      },
      {
        "title": "HT207483",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT207483"
      },
      {
        "title": "HT207483",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT207483"
      },
      {
        "title": "Apple macOS Sierra Help Viewer Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67746"
      },
      {
        "title": "Check Point Security Alerts: Apple macOS Directory Traversal (CVE-2017-2361)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts\u0026qid=daae6f9354a17fe73878f5617e683f47"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/95723"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht207483"
      },
      {
        "trust": 1.3,
        "url": "https://www.exploit-db.com/exploits/41443/"
      },
      {
        "trust": 1.2,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1037671"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2361"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97915630/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-2361"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2017-1740.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9933"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2358"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2353"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9934"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8687"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2370"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2360"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2371"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1248"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "PACKETSTORM",
        "id": "140687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "db": "BID",
        "id": "95723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "db": "PACKETSTORM",
        "id": "140687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "date": "2017-02-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "date": "2017-01-23T00:00:00",
        "db": "BID",
        "id": "95723"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "date": "2017-01-24T00:57:11",
        "db": "PACKETSTORM",
        "id": "140687"
      },
      {
        "date": "2017-01-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "date": "2017-02-20T08:59:05.010000",
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110564"
      },
      {
        "date": "2017-09-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2361"
      },
      {
        "date": "2017-02-02T01:00:00",
        "db": "BID",
        "id": "95723"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      },
      {
        "date": "2017-03-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      },
      {
        "date": "2024-11-21T03:23:22.070000",
        "db": "NVD",
        "id": "CVE-2017-2361"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple macOS Cross-site scripting vulnerability in Help Viewer component",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001550"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-455"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…