Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2017-7005

Published: 03/04/2018 Updated: 08/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 686
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Safari

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 10.3.2 is affected. Safari prior to 10.1.1 is affected. tvOS prior to 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple safari

apple tvos

apple iphone os

Exploits

Exploit DB: WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions
<!-- Source: bugschromiumorg/p/project-zero/issues/detail?id=1208 After JSGlobalObject::haveABadTime is called, the type of all JavaScript arrays(including newly created arrays) are of the same type: ArrayWithSlowPutArrayStorage But (of course) this only affects objects that share the same JSGlobalObject So arrays come from another ...
Exploit DB: WebKit JSC JSGlobalObject::haveABadTime Type Confusion
WebKit JSC suffers from a JSGlobalObject::haveABadTime type confusion vulnerability ...

Github Repositories

https://github.com/ALEXZZZ9/PS4-5.01-WebKit-Exploit-PoC

PS4 5.01 WebKit Exploit PoC

PS4 501 WebKit Exploit PoC Based on: CVE-2017-7005 PegaSwitch (Copyright 2017 ReSwitched Team) 40x exploit by qwertyoruiopz This exploit supports 501 (maybe others)! Installation Install the latest version of node from nodejsorg Clone this repository Run npm install Usage Run npm start License MIT License See attached LICENSEmd file

https://github.com/satel0000/PS4-5.xx-WebKit-Exploit-PoC

PS4-5.xx-WebKit-Exploit that allows you to dump libkernel and libSceWebKit2. Originally forked from ALEXZZZ9.

PS4 501, 505, 550(beta) WebKit Exploit PoC Based on: CVE-2017-7005 PegaSwitch (Copyright 2017 ReSwitched Team) 40x exploit by qwertyoruiopz This exploit supports 501, 505 as well as 550 beta Screenshot Installation Install the latest version of node from nodejsorg Clone this repository Run npm install Usage Run npm start License MIT License See attached LICENSE

References

CWE-119https://support.apple.com/HT207804https://support.apple.com/HT207801https://support.apple.com/HT207798https://www.exploit-db.com/exploits/42188/https://github.com/Quindecim/Orbis-Exploit-5.xhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/42188/https://github.com/ALEXZZZ9/PS4-5.01-WebKit-Exploit-PoC
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook