Details of VAR-201702-0875

ID

VAR-201702-0875

CVE

CVE-2017-2361

TITLE

Apple macOS Cross-site scripting vulnerability in Help Viewer component

Trust: 0.8

sources: JVNDB: JVNDB-2017-001550

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code, to obtain sensitive information or cause a denial-of-service condition. Help Viewer is one of the WebKit-based HTML viewers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-2 macOS 10.12.3 macOS 10.12.3 is now available and addresses the following: apache_mod_php Available for: macOS Sierra 10.12.2 Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 5.6.28. CVE-2016-8670 CVE-2016-9933 CVE-2016-9934 Bluetooth Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2353: Ian Beer of Google Project Zero Graphics Drivers Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2361: lokihardt of Google Project Zero IOAudioFamily Available for: macOS Sierra 10.12.2 Impact: An application may be able to determine kernel memory layout Description: An uninitialized memory issue was addressed through improved memory management. CVE-2017-2357: Team Pangu and lokihardt at PwnFest 2016 Kernel Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2370: Ian Beer of Google Project Zero Kernel Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2360: Ian Beer of Google Project Zero libarchive Available for: macOS Sierra 10.12.2 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2016-8687: Agostino Sarubbo of Gentoo Vim Available for: macOS Sierra 10.12.2 Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An input validation issue existed in modelines. This was addressed through improved input validation. CVE-2016-1248: Florian Larysch WebKit Available for: macOS Sierra 10.12.2 Impact: A malicious website can open popups Description: An issue existed in the handling of blocking popups. This was addressed through improved input validation. CVE-2017-2371: lokihardt of Google Project Zero macOS 10.12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGymIQAMx3h6pTb1SLTCY4H4hUwQf2 tBd4osjrM7eX9kDBJXw9U3S5STs7Qyaiqjc+E3XvGXaeYQhZHurNEy+4HEaS2ctQ toj0S/meE1bhJ79SKnRuEso0dG2coYAMY4CMWZpF5haEPISunMDrmitIDX6BU8ds LhIvflT044wXzFsPbUfIMqG1a+1SHGoM3K0J61U6NU7dCSwyYmSGKH/0CTLuezy9 HOiPQJxvWVmfKVBZsYcaBp67AI5948LHdvat3gRq9WpgWpjUFjW/tLSbvZObaIjn +I3JkVZ9ETuXa+ig42h+CJTz/CozqlC1OpX1YLJLMh4h5+kY9PNwh1kcsv+8jKxo cbPNatn2uzoigRTWuhCe4Tic6kgri+3c8qR+ZPspNpUyLmentjpbygrkOKVLlNnG HmV0YIWA+zp4TVgeMnqoEPTHF9kxxhBSPOjgyL2oYwpMHyXb2gmho7Xl9gQirw5T Nyaoup4A7eT9jR5FBcAvhPPm5I+J44qEKB/D9hvWcQLGf1PR9/zxVd5QxlJZgm9u loqWBNhPAqD36SPIOsIbkcjAaBKsrEAV01AizkMrhrN1KySscXeZeZ84p4nJusdD M7bFysYMv7fvNe65V4I2Tc2iujqiPHsXdLRioAWSk7giNRggQtaM8s/C0KYtrJdK ykSG8JpyNuTNAl1HJtv6 =pBIh -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2017-2361 // JVNDB: JVNDB-2017-001550 // BID: 95723 // VULHUB: VHN-110564 // VULMON: CVE-2017-2361 // PACKETSTORM: 140687

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.2	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.2	Trust: 1.0
vendor:	apple	model:	macos	scope:	eq	version:	10.12.2	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.3	Trust: 0.3

sources: BID: 95723 // JVNDB: JVNDB-2017-001550 // CNNVD: CNNVD-201702-455 // NVD: CVE-2017-2361

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2361
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-2361
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201702-455
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110564
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-2361
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2361
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-110564
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2361
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110564 // VULMON: CVE-2017-2361 // JVNDB: JVNDB-2017-001550 // CNNVD: CNNVD-201702-455 // NVD: CVE-2017-2361

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-110564 // JVNDB: JVNDB-2017-001550 // NVD: CVE-2017-2361

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-455

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201702-455

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001550

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-110564 // VULMON: CVE-2017-2361

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2017-01-23-2 macOS 10.12.3	url:	https://lists.apple.com/archives/security-announce/2017/Jan/msg00003.html	Trust: 0.8
title:	HT207483	url:	https://support.apple.com/en-us/HT207483	Trust: 0.8
title:	HT207483	url:	https://support.apple.com/ja-jp/HT207483	Trust: 0.8
title:	Apple macOS Sierra Help Viewer Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67746	Trust: 0.6
title:	Check Point Security Alerts: Apple macOS Directory Traversal (CVE-2017-2361)	url:	https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts&qid=daae6f9354a17fe73878f5617e683f47	Trust: 0.1

sources: VULMON: CVE-2017-2361 // JVNDB: JVNDB-2017-001550 // CNNVD: CNNVD-201702-455

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2361	Trust: 3.0
db:	BID	id:	95723	Trust: 2.1
db:	SECTRACK	id:	1037671	Trust: 1.2
db:	EXPLOIT-DB	id:	41443	Trust: 1.2
db:	JVN	id:	JVNVU97915630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-001550	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-455	Trust: 0.7
db:	PACKETSTORM	id:	141283	Trust: 0.1
db:	SEEBUG	id:	SSVID-92703	Trust: 0.1
db:	VULHUB	id:	VHN-110564	Trust: 0.1
db:	VULMON	id:	CVE-2017-2361	Trust: 0.1
db:	PACKETSTORM	id:	140687	Trust: 0.1

sources: VULHUB: VHN-110564 // VULMON: CVE-2017-2361 // BID: 95723 // JVNDB: JVNDB-2017-001550 // PACKETSTORM: 140687 // CNNVD: CNNVD-201702-455 // NVD: CVE-2017-2361

REFERENCES

url:	http://www.securityfocus.com/bid/95723	Trust: 1.9
url:	https://support.apple.com/ht207483	Trust: 1.8
url:	https://www.exploit-db.com/exploits/41443/	Trust: 1.3
url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=1040	Trust: 1.2
url:	http://www.securitytracker.com/id/1037671	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2361	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97915630/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-2361	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2017-1740.html	Trust: 0.1
url:	https://www.apple.com/support/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9933	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2361	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2358	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2353	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9934	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8687	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2370	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2360	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2371	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8670	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2357	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1248	Trust: 0.1

sources: VULHUB: VHN-110564 // VULMON: CVE-2017-2361 // BID: 95723 // JVNDB: JVNDB-2017-001550 // PACKETSTORM: 140687 // CNNVD: CNNVD-201702-455 // NVD: CVE-2017-2361

CREDITS

Ian Beer of Google Project Zero, Team Pangu and lokihardt at PwnFest 2016, lokihardt of Google Project Zero,

Trust: 0.9

sources: BID: 95723 // CNNVD: CNNVD-201702-455

SOURCES

db:	VULHUB	id:	VHN-110564
db:	VULMON	id:	CVE-2017-2361
db:	BID	id:	95723
db:	JVNDB	id:	JVNDB-2017-001550
db:	PACKETSTORM	id:	140687
db:	CNNVD	id:	CNNVD-201702-455
db:	NVD	id:	CVE-2017-2361

LAST UPDATE DATE

2024-11-23T19:38:39.624000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110564	date:	2017-09-01T00:00:00
db:	VULMON	id:	CVE-2017-2361	date:	2017-09-01T00:00:00
db:	BID	id:	95723	date:	2017-02-02T01:00:00
db:	JVNDB	id:	JVNDB-2017-001550	date:	2017-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201702-455	date:	2017-03-01T00:00:00
db:	NVD	id:	CVE-2017-2361	date:	2024-11-21T03:23:22.070

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110564	date:	2017-02-20T00:00:00
db:	VULMON	id:	CVE-2017-2361	date:	2017-02-20T00:00:00
db:	BID	id:	95723	date:	2017-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-001550	date:	2017-02-27T00:00:00
db:	PACKETSTORM	id:	140687	date:	2017-01-24T00:57:11
db:	CNNVD	id:	CNNVD-201702-455	date:	2017-01-23T00:00:00
db:	NVD	id:	CVE-2017-2361	date:	2017-02-20T08:59:05.010