Details of VAR-201207-0098

ID

VAR-201207-0098

CVE

CVE-2012-3690

TITLE

Apple Safari 6.0 Used in less than WebKit Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2012-003313

DESCRIPTION

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site. WebKit is prone to an information-disclosure vulnerability. Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks. Note: This issue was previously discussed in BID 54669 (Apple Safari Prior to 6.0 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Apple Safari is the American Apple ( Apple ) developed by the company Web browser, yes Mac OS X and iOS The default browser that comes with the operating system

Trust: 1.98

sources: NVD: CVE-2012-3690 // JVNDB: JVNDB-2012-003313 // BID: 54696 // VULHUB: VHN-56971

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	5.1.6	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.1.2	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.1.3	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.1.5	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4b	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0b	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	5.1.7	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0b1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.9
vendor:	apple	model:	safari	scope:	lt	version:	6.0 (mac os)	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.5	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	ne	version:	6.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	6.0	Trust: 0.3

sources: BID: 54696 // JVNDB: JVNDB-2012-003313 // CNNVD: CNNVD-201207-456 // NVD: CVE-2012-3690

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3690
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3690
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201207-456
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56971
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3690
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56971
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56971 // JVNDB: JVNDB-2012-003313 // CNNVD: CNNVD-201207-456 // NVD: CVE-2012-3690

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-56971 // JVNDB: JVNDB-2012-003313 // NVD: CVE-2012-3690

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-456

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201207-456

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003313

PATCH

title:	APPLE-SA-2012-07-25-1	url:	http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html	Trust: 0.8
title:	HT5400	url:	http://support.apple.com/kb/HT5400	Trust: 0.8

sources: JVNDB: JVNDB-2012-003313

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3690	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-003313	Trust: 0.8
db:	CNNVD	id:	CNNVD-201207-456	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-07-25-1	Trust: 0.6
db:	NSFOCUS	id:	20162	Trust: 0.6
db:	NSFOCUS	id:	20147	Trust: 0.6
db:	BID	id:	54696	Trust: 0.4
db:	VULHUB	id:	VHN-56971	Trust: 0.1

sources: VULHUB: VHN-56971 // BID: 54696 // JVNDB: JVNDB-2012-003313 // CNNVD: CNNVD-201207-456 // NVD: CVE-2012-3690

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5400	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3690	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu864819	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3690	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20162	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/20147	Trust: 0.6
url:	http://www.apple.com/safari/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3

sources: VULHUB: VHN-56971 // BID: 54696 // JVNDB: JVNDB-2012-003313 // CNNVD: CNNVD-201207-456 // NVD: CVE-2012-3690

CREDITS

David Bloom of Cue

Trust: 0.3

sources: BID: 54696

SOURCES

db:	VULHUB	id:	VHN-56971
db:	BID	id:	54696
db:	JVNDB	id:	JVNDB-2012-003313
db:	CNNVD	id:	CNNVD-201207-456
db:	NVD	id:	CVE-2012-3690

LAST UPDATE DATE

2025-04-11T20:18:31.916000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56971	date:	2012-07-26T00:00:00
db:	BID	id:	54696	date:	2012-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2012-003313	date:	2012-07-27T00:00:00
db:	CNNVD	id:	CNNVD-201207-456	date:	2012-07-26T00:00:00
db:	NVD	id:	CVE-2012-3690	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56971	date:	2012-07-25T00:00:00
db:	BID	id:	54696	date:	2012-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2012-003313	date:	2012-07-27T00:00:00
db:	CNNVD	id:	CNNVD-201207-456	date:	2012-07-26T00:00:00
db:	NVD	id:	CVE-2012-3690	date:	2012-07-25T19:55:06.057