ID

VAR-201711-0425


CVE

CVE-2017-13824


TITLE

Arbitrary code execution vulnerability in the Open Scripting Architecture component of Apple macOS

Trust: 0.8

sources: JVNDB: JVNDB-2017-010359

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted AppleScript file that is mishandled by osadecompile. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers.

Trust: 1.71

sources: NVD: CVE-2017-13824 // JVNDB: JVNDB-2017-010359 // VULHUB: VHN-104485

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lte, version: 10.13.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.11.6

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.12.6

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.13.0

Trust: 0.6

sources: JVNDB: JVNDB-2017-010359 // CNNVD: CNNVD-201711-408 // NVD: CVE-2017-13824

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-13824
value: HIGH

Trust: 1.0

NVD: CVE-2017-13824
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-408
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104485
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-13824
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104485
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-13824
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104485 // JVNDB: JVNDB-2017-010359 // CNNVD: CNNVD-201711-408 // NVD: CVE-2017-13824

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-104485 // JVNDB: JVNDB-2017-010359 // NVD: CVE-2017-13824

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-408

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201711-408

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010359

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT208221, url: https://support.apple.com/en-us/HT208221

Trust: 0.8

title: HT208221, url: https://support.apple.com/ja-jp/HT208221

Trust: 0.8

title: Apple macOS High Sierra Open Scripting Architecture Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76276

Trust: 0.6

sources: JVNDB: JVNDB-2017-010359 // CNNVD: CNNVD-201711-408

EXTERNAL IDS

db: NVD, id: CVE-2017-13824

Trust: 2.5

db: SECTRACK, id: 1039710

Trust: 1.1

db: JVN, id: JVNVU99000953

Trust: 0.8

db: JVNDB, id: JVNDB-2017-010359

Trust: 0.8

db: CNNVD, id: CNNVD-201711-408

Trust: 0.7

db: VULHUB, id: VHN-104485

Trust: 0.1

sources: VULHUB: VHN-104485 // JVNDB: JVNDB-2017-010359 // CNNVD: CNNVD-201711-408 // NVD: CVE-2017-13824

REFERENCES

url: https://support.apple.com/ht208221

Trust: 1.7

url: http://www.securitytracker.com/id/1039710

Trust: 1.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13824

Trust: 0.8

url: http://jvn.jp/vu/jvnvu99000953/index.html

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-13824

Trust: 0.8

sources: VULHUB: VHN-104485 // JVNDB: JVNDB-2017-010359 // CNNVD: CNNVD-201711-408 // NVD: CVE-2017-13824

SOURCES

db: VULHUB, id: VHN-104485
db: JVNDB, id: JVNDB-2017-010359
db: CNNVD, id: CNNVD-201711-408
db: NVD, id: CVE-2017-13824

LAST UPDATE DATE

2025-04-20T22:15:36.440000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-104485, date: 2017-11-27T00:00:00
db: JVNDB, id: JVNDB-2017-010359, date: 2017-12-13T00:00:00
db: CNNVD, id: CNNVD-201711-408, date: 2017-11-14T00:00:00
db: NVD, id: CVE-2017-13824, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-104485, date: 2017-11-13T00:00:00
db: JVNDB, id: JVNDB-2017-010359, date: 2017-12-13T00:00:00
db: CNNVD, id: CNNVD-201711-408, date: 2017-11-14T00:00:00
db: NVD, id: CVE-2017-13824, date: 2017-11-13T03:29:01.787