Sign-up

ID

VAR-201704-0769


CVE

CVE-2017-2413


TITLE

Apple macOS of QuickTime Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-002391

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "QuickTime" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file. Apple macOS is prone to multiple security vulnerabilities. This may aid in further attacks

Trust: 2.07

sources: NVD: CVE-2017-2413 // JVNDB: JVNDB-2017-002391 // BID: 97140 // VULHUB: VHN-110616 // VULMON: CVE-2017-2413

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.3

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.12.3

Trust: 1.0

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:16.10

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:16.04

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:security update el capitanscope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.4

Trust: 0.3

sources: BID: 97140 // JVNDB: JVNDB-2017-002391 // CNNVD: CNNVD-201704-060 // NVD: CVE-2017-2413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2413
value: HIGH

Trust: 1.0

NVD: CVE-2017-2413
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201704-060
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110616
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-2413
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2413
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-110616
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2413
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110616 // VULMON: CVE-2017-2413 // JVNDB: JVNDB-2017-002391 // CNNVD: CNNVD-201704-060 // NVD: CVE-2017-2413

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-110616 // JVNDB: JVNDB-2017-002391 // NVD: CVE-2017-2413

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-060

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201704-060

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002391

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:HT207615url:https://support.apple.com/en-us/HT207615
Trust: 0.8
title:HT207615url:https://support.apple.com/ja-jp/HT207615
Trust: 0.8
title:Apple macOS Sierra QuickTime Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68953
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-002391 // 
            
            
            
            CNNVD: CNNVD-201704-060

EXTERNAL IDS
db:NVDid:CVE-2017-2413
Trust: 2.9
db:BIDid:97140
Trust: 2.1
db:SECTRACKid:1038138
Trust: 1.2
db:JVNid:JVNVU90482935
Trust: 0.8
db:JVNDBid:JVNDB-2017-002391
Trust: 0.8
db:CNNVDid:CNNVD-201704-060
Trust: 0.7
db:VULHUBid:VHN-110616
Trust: 0.1
db:VULMONid:CVE-2017-2413
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110616 // 
            
            
            
            VULMON: CVE-2017-2413 // 
            
            
            
            BID: 97140 // 
            
            
            
            JVNDB: JVNDB-2017-002391 // 
            
            
            
            CNNVD: CNNVD-201704-060 // 
            
            
            
            NVD: CVE-2017-2413

REFERENCES
url:http://www.securityfocus.com/bid/97140
Trust: 1.8
url:https://support.apple.com/ht207615
Trust: 1.8
url:http://www.securitytracker.com/id/1038138
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2413
Trust: 0.8
url:http://jvn.jp/vu/jvnvu90482935/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2413
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110616 // 
            
            
            
            VULMON: CVE-2017-2413 // 
            
            
            
            BID: 97140 // 
            
            
            
            JVNDB: JVNDB-2017-002391 // 
            
            
            
            CNNVD: CNNVD-201704-060 // 
            
            
            
            NVD: CVE-2017-2413

CREDITS
Ulf Frisk, Apple, Brandon Azad, an anonymous researcher, Max Bazaliy, beist, Sergey Bylokhov, Simon Huang, pjf, Alex Fishman, Izik Eidus, Pekka Oikarainen, Matias Karhumaa, Marko Laakso, @cocoahuke, kimyok, Craig Arendt, Axis, sss, Orr A, Benjamin Gnahm, I
Trust: 0.3
sources:
            
            
            BID: 97140

SOURCES
db:VULHUBid:VHN-110616
db:VULMONid:CVE-2017-2413
db:BIDid:97140
db:JVNDBid:JVNDB-2017-002391
db:CNNVDid:CNNVD-201704-060
db:NVDid:CVE-2017-2413

LAST UPDATE DATE
2024-11-23T20:51:08.926000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110616date:2017-07-12T00:00:00
db:VULMONid:CVE-2017-2413date:2017-07-12T00:00:00
db:BIDid:97140date:2017-06-08T08:02:00
db:JVNDBid:JVNDB-2017-002391date:2017-04-12T00:00:00
db:CNNVDid:CNNVD-201704-060date:2017-04-05T00:00:00
db:NVDid:CVE-2017-2413date:2024-11-21T03:23:28.600

SOURCES RELEASE DATE
db:VULHUBid:VHN-110616date:2017-04-02T00:00:00
db:VULMONid:CVE-2017-2413date:2017-04-02T00:00:00
db:BIDid:97140date:2017-03-27T00:00:00
db:JVNDBid:JVNDB-2017-002391date:2017-04-12T00:00:00
db:CNNVDid:CNNVD-201704-060date:2017-04-05T00:00:00
db:NVDid:CVE-2017-2413date:2017-04-02T01:59:01.327