CVE-2017-2369

HIGH

Apple <10.2.1, <10.0.3, <10.1.1 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2369. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a type confusion vulnerability in Chromium's HTMLKeygenElement, where caretRangeFromPoint allows modification of the userAgentShadowRoot, leading to a blind cast of an incorrect node type to HTMLSelectElement. The PoC demonstrates the vulnerability but does not include a full exploit chain.

Description

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldosmultiple

https://www.exploit-db.com/exploits/41215

View Code ZIP pw:eip

This exploit leverages a type confusion vulnerability in Chromium's HTMLKeygenElement, where caretRangeFromPoint allows modification of the userAgentShadowRoot, leading to a blind cast of an incorrect node type to HTMLSelectElement. The PoC demonstrates the vulnerability but does not include a full exploit chain.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Chromium-based browsers (e.g., Chrome) prior to fix for CVE-2017-2369

No auth needed

Prerequisites: Victim must visit a malicious webpage · Target browser must be vulnerable to CVE-2017-2369

MITRE ATT&CK