Sign-up

ID

VAR-201711-0453


CVE

CVE-2017-13801


TITLE

Apple macOS Local dictionary file component vulnerability in the Japanese dictionary widget component

Trust: 0.8

sources: JVNDB: JVNDB-2017-010377

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers

Trust: 1.71

sources: NVD: CVE-2017-13801 // JVNDB: JVNDB-2017-010377 // VULHUB: VHN-104460

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.13.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.0

Trust: 0.6

sources: JVNDB: JVNDB-2017-010377 // CNNVD: CNNVD-201709-173 // NVD: CVE-2017-13801

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13801
value: LOW

Trust: 1.0

NVD: CVE-2017-13801
value: LOW

Trust: 0.8

CNNVD: CNNVD-201709-173
value: LOW

Trust: 0.6

VULHUB: VHN-104460
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-13801
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104460
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13801
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104460 // JVNDB: JVNDB-2017-010377 // CNNVD: CNNVD-201709-173 // NVD: CVE-2017-13801

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-104460 // JVNDB: JVNDB-2017-010377 // NVD: CVE-2017-13801

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201709-173

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201709-173

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010377

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:HT208221url:https://support.apple.com/en-us/HT208221
Trust: 0.8
title:HT208221url:https://support.apple.com/ja-jp/HT208221
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-010377

EXTERNAL IDS
db:NVDid:CVE-2017-13801
Trust: 2.5
db:SECTRACKid:1039710
Trust: 1.1
db:JVNid:JVNVU99000953
Trust: 0.8
db:JVNDBid:JVNDB-2017-010377
Trust: 0.8
db:CNNVDid:CNNVD-201709-173
Trust: 0.7
db:VULHUBid:VHN-104460
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104460 // 
            
            
            
            JVNDB: JVNDB-2017-010377 // 
            
            
            
            CNNVD: CNNVD-201709-173 // 
            
            
            
            NVD: CVE-2017-13801

REFERENCES
url:https://support.apple.com/ht208221
Trust: 1.7
url:http://www.securitytracker.com/id/1039710
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13801
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99000953/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13801
Trust: 0.8
sources:
            
            
            VULHUB: VHN-104460 // 
            
            
            
            JVNDB: JVNDB-2017-010377 // 
            
            
            
            CNNVD: CNNVD-201709-173 // 
            
            
            
            NVD: CVE-2017-13801

SOURCES
db:VULHUBid:VHN-104460
db:JVNDBid:JVNDB-2017-010377
db:CNNVDid:CNNVD-201709-173
db:NVDid:CVE-2017-13801

LAST UPDATE DATE
2025-04-20T21:54:44.921000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-104460date:2017-11-27T00:00:00
db:JVNDBid:JVNDB-2017-010377date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201709-173date:2017-11-14T00:00:00
db:NVDid:CVE-2017-13801date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-104460date:2017-11-13T00:00:00
db:JVNDBid:JVNDB-2017-010377date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201709-173date:2017-08-30T00:00:00
db:NVDid:CVE-2017-13801date:2017-11-13T03:29:00.943