CVE-2017-2391 Information

Description

An issue was discovered in certain Apple products. Pages before 6.1 Numbers before 4.1 and Keynote before 7.1 on macOS and Pages before 3.1 Numbers before 3.1 and Keynote before 3.1 on iOS are affected. The issue involves the \Export\ component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

http://www.securityfocus.com/bid/97126 http://www.securitytracker.com/id/1038134 http://www.securitytracker.com/id/1038135 http://www.securitytracker.com/id/1038136 https://support.apple.com/HT207595

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3