CVE-2018-4302: About the security content of iTunes 12.7 for Windows
A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
Released September 12, 2017
CFNetwork
Available for: Windows 7 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13829: Niklas Baumstark and Samuel Groß working with Trend Micro’s Zero Day Initiative
CVE-2017-13833: Niklas Baumstark and Samuel Groß working with Trend Micro’s Zero Day Initiative
Entry added November 10, 2017
ImageIO
Available for: Windows 7 and later
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.
CVE-2017-13831: Glen Carmichael
Entry added October 31, 2017, updated November 10, 2017
libxml2
Available for: Windows 7 and later
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore
Entry added October 18, 2018
libxml2
Available for: Windows 7 and later
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2017-7376: an anonymous researcher
CVE-2017-5130: an anonymous researcher
Entry added October 18, 2018
libxml2
Available for: Windows 7 and later
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero
Entry added October 18, 2018
libxml2
Available for: All Apple Watch models
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A null pointer dereference was addressed with improved validation.
CVE-2018-4302: Gustavo Grieco
Entry added October 18, 2018
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-7081: Apple
Entry added September 25, 2017
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2017-7087: Apple
CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro’s Zero Day Initiative
CVE-2017-7092: Samuel Groß and Niklas Baumstark working with Trend Micro’s Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team
CVE-2017-7093: Samuel Groß and Niklas Baumstark working with Trend Micro’s Zero Day Initiative
CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group
CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro’s Zero Day Initiative
CVE-2017-7096: Wei Yuan of Baidu Security Lab
CVE-2017-7098: Felipe Freitas of Instituto Tecnológico de Aeronáutica
CVE-2017-7099: Apple
CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53
CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University
CVE-2017-7104: likemeng of Baidu Security Lab
CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University
CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro’s Zero Day Initiative
CVE-2017-7117: lokihardt of Google Project Zero
CVE-2017-7120: chenqin (陈钦) of Ant-financial Light-Year Security Lab
Entry added September 25, 2017
WebKit
Available for: Windows 7 and later
Impact: Cookies belonging to one origin may be sent to another origin
Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
CVE-2017-7090: Apple
Entry added September 25, 2017
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
Description: Application Cache policy may be unexpectedly applied.
CVE-2017-7109: avlidienbrunn
Entry added September 25, 2017