Sign-up

ID

VAR-201704-0817


CVE

CVE-2017-2443


TITLE

Apple macOS of Intel Graphics Driver Component vulnerable to arbitrary code execution in privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2017-002347

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. This may aid in further attacks

Trust: 2.07

sources: NVD: CVE-2017-2443 // JVNDB: JVNDB-2017-002347 // BID: 97140 // VULHUB: VHN-110646 // VULMON: CVE-2017-2443

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.3

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.12.3

Trust: 1.0

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:16.10

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:16.04

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:security update el capitanscope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.4

Trust: 0.3

sources: BID: 97140 // JVNDB: JVNDB-2017-002347 // CNNVD: CNNVD-201704-081 // NVD: CVE-2017-2443

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2443
value: HIGH

Trust: 1.0

NVD: CVE-2017-2443
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201704-081
value: CRITICAL

Trust: 0.6

VULHUB: VHN-110646
value: HIGH

Trust: 0.1

VULMON: CVE-2017-2443
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2443
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-110646
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2443
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110646 // VULMON: CVE-2017-2443 // JVNDB: JVNDB-2017-002347 // CNNVD: CNNVD-201704-081 // NVD: CVE-2017-2443

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-110646 // JVNDB: JVNDB-2017-002347 // NVD: CVE-2017-2443

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-081

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201704-081

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002347

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-110646 // 
            
            
            
            VULMON: CVE-2017-2443

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:HT207615url:https://support.apple.com/en-us/HT207615
Trust: 0.8
title:HT207615url:https://support.apple.com/ja-jp/HT207615
Trust: 0.8
title:Apple macOS Sierra Intel Graphics Driver Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68974
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-002347 // 
            
            
            
            CNNVD: CNNVD-201704-081

EXTERNAL IDS
db:NVDid:CVE-2017-2443
Trust: 2.9
db:BIDid:97140
Trust: 2.1
db:EXPLOIT-DBid:41790
Trust: 1.2
db:SECTRACKid:1038138
Trust: 1.2
db:JVNid:JVNVU90482935
Trust: 0.8
db:JVNDBid:JVNDB-2017-002347
Trust: 0.8
db:CNNVDid:CNNVD-201704-081
Trust: 0.7
db:PACKETSTORMid:141962
Trust: 0.1
db:SEEBUGid:SSVID-92892
Trust: 0.1
db:VULHUBid:VHN-110646
Trust: 0.1
db:VULMONid:CVE-2017-2443
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110646 // 
            
            
            
            VULMON: CVE-2017-2443 // 
            
            
            
            BID: 97140 // 
            
            
            
            JVNDB: JVNDB-2017-002347 // 
            
            
            
            CNNVD: CNNVD-201704-081 // 
            
            
            
            NVD: CVE-2017-2443

REFERENCES
url:http://www.securityfocus.com/bid/97140
Trust: 1.8
url:https://support.apple.com/ht207615
Trust: 1.8
url:https://www.exploit-db.com/exploits/41790/
Trust: 1.3
url:http://www.securitytracker.com/id/1038138
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2443
Trust: 0.8
url:http://jvn.jp/vu/jvnvu90482935/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2443
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110646 // 
            
            
            
            VULMON: CVE-2017-2443 // 
            
            
            
            BID: 97140 // 
            
            
            
            JVNDB: JVNDB-2017-002347 // 
            
            
            
            CNNVD: CNNVD-201704-081 // 
            
            
            
            NVD: CVE-2017-2443

CREDITS
Ulf Frisk, Apple, Brandon Azad, an anonymous researcher, Max Bazaliy, beist, Sergey Bylokhov, Simon Huang, pjf, Alex Fishman, Izik Eidus, Pekka Oikarainen, Matias Karhumaa, Marko Laakso, @cocoahuke, kimyok, Craig Arendt, Axis, sss, Orr A, Benjamin Gnahm, I
Trust: 0.3
sources:
            
            
            BID: 97140

SOURCES
db:VULHUBid:VHN-110646
db:VULMONid:CVE-2017-2443
db:BIDid:97140
db:JVNDBid:JVNDB-2017-002347
db:CNNVDid:CNNVD-201704-081
db:NVDid:CVE-2017-2443

LAST UPDATE DATE
2024-11-23T21:28:39.366000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110646date:2017-08-16T00:00:00
db:VULMONid:CVE-2017-2443date:2017-08-16T00:00:00
db:BIDid:97140date:2017-06-08T08:02:00
db:JVNDBid:JVNDB-2017-002347date:2017-04-12T00:00:00
db:CNNVDid:CNNVD-201704-081date:2017-04-06T00:00:00
db:NVDid:CVE-2017-2443date:2024-11-21T03:23:32.117

SOURCES RELEASE DATE
db:VULHUBid:VHN-110646date:2017-04-02T00:00:00
db:VULMONid:CVE-2017-2443date:2017-04-02T00:00:00
db:BIDid:97140date:2017-03-27T00:00:00
db:JVNDBid:JVNDB-2017-002347date:2017-04-12T00:00:00
db:CNNVDid:CNNVD-201704-081date:2017-04-06T00:00:00
db:NVDid:CVE-2017-2443date:2017-04-02T01:59:02.327