Details of VAR-201710-1388

ID

VAR-201710-1388

CVE

CVE-2017-7141

TITLE

Apple macOS of Mail Component bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009332

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via an HTML email message. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. An attacker could exploit this vulnerability to determine the recipient's IP address

Trust: 1.98

sources: NVD: CVE-2017-7141 // JVNDB: JVNDB-2017-009332 // BID: 100993 // VULHUB: VHN-115344

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.8 or later 10.13	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.6	Trust: 0.6
vendor:	apple	model:	macos	scope:	eq	version:	10.12.6	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.5	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.4	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.3	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.2	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.13	Trust: 0.3

sources: BID: 100993 // JVNDB: JVNDB-2017-009332 // CNNVD: CNNVD-201703-972 // NVD: CVE-2017-7141

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7141
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-7141
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201703-972
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-115344
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7141
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-115344
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7141
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-115344 // JVNDB: JVNDB-2017-009332 // CNNVD: CNNVD-201703-972 // NVD: CVE-2017-7141

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-115344 // JVNDB: JVNDB-2017-009332 // NVD: CVE-2017-7141

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-972

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-972

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009332

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT208144	url:	https://support.apple.com/en-us/HT208144	Trust: 0.8
title:	HT208144	url:	https://support.apple.com/ja-jp/HT208144	Trust: 0.8

sources: JVNDB: JVNDB-2017-009332

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7141	Trust: 2.8
db:	BID	id:	100993	Trust: 1.4
db:	SECTRACK	id:	1039427	Trust: 1.1
db:	JVN	id:	JVNVU99806334	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009332	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-972	Trust: 0.7
db:	VULHUB	id:	VHN-115344	Trust: 0.1

sources: VULHUB: VHN-115344 // BID: 100993 // JVNDB: JVNDB-2017-009332 // CNNVD: CNNVD-201703-972 // NVD: CVE-2017-7141

REFERENCES

url:	https://support.apple.com/ht208144	Trust: 1.7
url:	http://www.securityfocus.com/bid/100993	Trust: 1.1
url:	http://www.securitytracker.com/id/1039427	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7141	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99806334/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7141	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-115344 // BID: 100993 // JVNDB: JVNDB-2017-009332 // CNNVD: CNNVD-201703-972 // NVD: CVE-2017-7141

CREDITS

Daniel Jalkut of Red Sweater Software, Brandon Azad, Tim Kingman, Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX.

Trust: 0.3

sources: BID: 100993

SOURCES

db:	VULHUB	id:	VHN-115344
db:	BID	id:	100993
db:	JVNDB	id:	JVNDB-2017-009332
db:	CNNVD	id:	CNNVD-201703-972
db:	NVD	id:	CVE-2017-7141

LAST UPDATE DATE

2025-04-20T20:50:40.734000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115344	date:	2017-10-26T00:00:00
db:	BID	id:	100993	date:	2017-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-009332	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201703-972	date:	2017-10-24T00:00:00
db:	NVD	id:	CVE-2017-7141	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115344	date:	2017-10-23T00:00:00
db:	BID	id:	100993	date:	2017-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-009332	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201703-972	date:	2017-03-23T00:00:00
db:	NVD	id:	CVE-2017-7141	date:	2017-10-23T01:29:13.893