CVE-2017-2403

HIGH

Apple <10.12.4 - RCE

Title source: llm

Description

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97140

[Vendor Advisory] https://support.apple.com/HT207615

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038138

Scores

CVSS v3 8.8

EPSS 0.0100

EPSS Percentile 77.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-134

Status published

Products (1)

apple/mac_os_x < 10.12.3

Published Apr 02, 2017

Tracked Since Feb 18, 2026