{ "id": "CVE-2017-2441", "sourceIdentifier": "product-security@apple.com", "published": "2017-04-02T01:59:02.263", "lastModified": "2019-03-08T16:06:33.217", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"libc++abi\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling." }, { "lang": "es", "value": "Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 est\u00e1 afectado. macOS en versiones anteriores a 10.12.4 est\u00e1 afectado. tvOS en versiones anteriores a 10.2 est\u00e1 afectado. watchOS en versiones anteriores a 3.2 est\u00e1 afectado. El problema involucra al componente \"libc++abi\". Una vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una aplicaci\u00f3n C++ manipulada que no se maneja adecuadamente durante el desmantelamiento." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3 }, "baseSeverity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-416" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.2.1", "matchCriteriaId": "A705829E-76A8-4AA8-8D82-037E4E8A52FC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.12.3", "matchCriteriaId": "1684E315-F3D0-4D2B-83D1-41E004FBFA70" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.1.1", "matchCriteriaId": "197AACC5-2587-46F6-8658-1B4824B42580" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.1.3", "matchCriteriaId": "395A9BA0-9375-4902-AA7B-6D2A153E7E0C" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/97137", "source": "product-security@apple.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1038138", "source": "product-security@apple.com" }, { "url": "https://support.apple.com/HT207601", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://support.apple.com/HT207602", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://support.apple.com/HT207615", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://support.apple.com/HT207617", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] } ] }