Search for vulnerabilities
| Vulnerability ID | VCID-rtsk-1d1f-afck |
| Aliases |
CVE-2017-7048
|
| Summary | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 9.0 |
| Risk | 10.0 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.04406 | https://api.first.org/data/v1/epss?cve=CVE-2017-7048 |
| epss | 0.04406 | https://api.first.org/data/v1/epss?cve=CVE-2017-7048 |
| epss | 0.04406 | https://api.first.org/data/v1/epss?cve=CVE-2017-7048 |
| epss | 0.04406 | https://api.first.org/data/v1/epss?cve=CVE-2017-7048 |
| epss | 0.04406 | https://api.first.org/data/v1/epss?cve=CVE-2017-7048 |
| epss | 0.04406 | https://api.first.org/data/v1/epss?cve=CVE-2017-7048 |
| epss | 0.04406 | https://api.first.org/data/v1/epss?cve=CVE-2017-7048 |
| epss | 0.04406 | https://api.first.org/data/v1/epss?cve=CVE-2017-7048 |
| epss | 0.04406 | https://api.first.org/data/v1/epss?cve=CVE-2017-7048 |
| cvssv2 | 9.3 | https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml |
| cvssv3 | 8.8 | https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml |
| archlinux | Critical | https://security.archlinux.org/AVG-362 |
| Reference id | Reference type | URL |
|---|---|---|
| https://api.first.org/data/v1/epss?cve=CVE-2017-7048 | ||
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7048 | ||
| https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml | ||
| ASA-201707-25 | https://security.archlinux.org/ASA-201707-25 | |
| AVG-362 | https://security.archlinux.org/AVG-362 | |
| CVE-2017-7048 | Exploit | https://bugs.chromium.org/p/project-zero/issues/detail?id=1249 |
| CVE-2017-7048 | Exploit | https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/42360.html |
| USN-3376-1 | https://usn.ubuntu.com/3376-1/ |
| Data source | Exploit-DB |
|---|---|
| Date added | July 24, 2017 |
| Description | WebKit - 'WebCore::AccessibilityNodeObject::textUnderElement' Use-After-Free |
| Ransomware campaign use | Known |
| Source publication date | July 24, 2017 |
| Exploit type | dos |
| Platform | multiple |
| Source update date | July 24, 2017 |
| Source URL | https://bugs.chromium.org/p/project-zero/issues/detail?id=1249 |
| Exploitability (E) | Access Vector (AV) | Access Complexity (AC) | Authentication (Au) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|
high functional unproven proof_of_concept not_defined |
local adjacent_network network |
high medium low |
multiple single none |
none partial complete |
none partial complete |
none partial complete |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.88958 |
| EPSS Score | 0.04406 |
| Published At | April 1, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T16:32:45.207629+00:00 | Debian Oval Importer | Import | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.0.0 |