CVE-2017-2361
Published 2017-02-20
Priority P3 · 49 · medium · 6.1 CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 17.13% (96.7th percentile)
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.12.2 | — |
| apple | macos_sierra | — | — |
CVSS provenance
nvd · v3.0 · 6.1 · MEDIUM · CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
GHSA
GHSA-xjfg-8p96-4jw7: An issue was discovered in certain Apple products
ghsa_unreviewed·2022-05-17
CVE-2017-2361 [MEDIUM] CWE-79 GHSA-xjfg-8p96-4jw7: An issue was discovered in certain Apple products
Apple
CVE-2017-2361: macOS Sierra 10.12.3
vendor_apple·2017-01-23·CVSS 6.1
CVE-2017-2361 [MEDIUM] CVE-2017-2361: macOS Sierra 10.12.3
Apple Security Update: About the security content of macOS Sierra 10.12.3
Product: macOS Sierra
Version: 10.12.3
CVE: CVE-2017-2361
Component: Help Viewer
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A cross-site scripting issue was addressed through improved URL validation.
Suricata
ET WEB_CLIENT Possible MacOSX HelpViewer 10.12.1 XSS Arbitrary File Execution and Arbitrary File Read (CVE-2017-2361)
suricata·2017-03-08·CVSS 6.1
CVE-2017-2361 [MEDIUM] ET WEB_CLIENT Possible MacOSX HelpViewer 10.12.1 XSS Arbitrary File Execution and Arbitrary File Read (CVE-2017-2361)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible MacOSX HelpViewer 10.12.1 XSS Arbitrary File Execution and Arbitrary File Read (CVE-2017-2361)"; flow:established,to_client; file.data; content:"%25252f..%25252f..%25252f..%25252f..%25252f..%25252f..%25252f"; content:"javascript%253aeval"; fast_pattern; content:"help|3a 2f 2f|"; pcre:"/document\s*\.\s*location\s*?\x3d\s*?[\x27\x22]help\x3a\/\/\/[^\x3b]+?\%25252f\.\.\%25252f\.\.\%25252f\.\.\%25252f/"; reference:url,exploit-db.com/exploits/41443/; classtype:attempted-user; sid:2024034; rev:3; metadata:affected_product Mac_OSX, affected_product Safari, attack_target Client_Endpoint, created_at 20
References
http://www.securityfocus.com/bid/95723
http://www.securitytracker.com/id/1037671
https://bugs.chromium.org/p/project-zero/issues/detail?id=1040
https://support.apple.com/HT207483
https://www.exploit-db.com/exploits/41443/
Published: 2017-02-20