Sign-up

ID

VAR-201207-0197


CVE

CVE-2012-3615


TITLE

plural Apple Used in products WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-003341

DESCRIPTION

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities. Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. Note: This issue was previously discussed in BID 54669 (Apple Safari Prior to 6.0 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. Vulnerabilities exist in using WebKit in versions prior to Apple Safari 6.0. ============================================================================ Ubuntu Security Notice USN-1524-1 August 08, 2012 webkit vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Multiple security vulnerabilities were fixed in WebKit. Software Description: - webkit: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKit browser and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1 libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1 libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1 libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1524-1 CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615, CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283 Package Information: https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1

Trust: 2.07

sources: NVD: CVE-2012-3615 // JVNDB: JVNDB-2012-003341 // BID: 54680 // VULHUB: VHN-56896 // PACKETSTORM: 115375

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 1.9

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1b

Trust: 1.0

vendor:applemodel:safariscope:lteversion:5.1.7

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0b1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.6

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.0

vendor:applemodel:iosscope:ltversion:6 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:6 (iphone 3gs or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:6 (ipod touch first 4 after generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:10.7

Trust: 0.8

vendor:applemodel:safariscope:ltversion:6.0 (mac os)

Trust: 0.8

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.5

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.3

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2

Trust: 0.3

vendor:webkitmodel:open source project webkit r82222scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r77705scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52833scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52401scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r51295scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r38566scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.x

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2-1

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

sources: BID: 54680 // JVNDB: JVNDB-2012-003341 // CNNVD: CNNVD-201207-485 // NVD: CVE-2012-3615

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3615
value: HIGH

Trust: 1.0

NVD: CVE-2012-3615
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201207-485
value: CRITICAL

Trust: 0.6

VULHUB: VHN-56896
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-3615
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-56896
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56896 // JVNDB: JVNDB-2012-003341 // CNNVD: CNNVD-201207-485 // NVD: CVE-2012-3615

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3615

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 115375 // CNNVD: CNNVD-201207-485

TYPE

Unknown

Trust: 0.3

sources: BID: 54680

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003341

PATCH
title:APPLE-SA-2012-07-25-1url:http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
Trust: 0.8
title:HT5485url:http://support.apple.com/kb/HT5485
Trust: 0.8
title:HT5503url:http://support.apple.com/kb/HT5503
Trust: 0.8
title:HT5400url:http://support.apple.com/kb/HT5400
Trust: 0.8
title:HT5485url:http://support.apple.com/kb/HT5485?viewlocale=ja_JP
Trust: 0.8
title:HT5503url:http://support.apple.com/kb/HT5503?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-003341

EXTERNAL IDS
db:NVDid:CVE-2012-3615
Trust: 2.9
db:JVNDBid:JVNDB-2012-003341
Trust: 0.8
db:CNNVDid:CNNVD-201207-485
Trust: 0.7
db:NSFOCUSid:20147
Trust: 0.6
db:NSFOCUSid:20163
Trust: 0.6
db:NSFOCUSid:20739
Trust: 0.6
db:APPLEid:APPLE-SA-2012-07-25-1
Trust: 0.6
db:BIDid:54680
Trust: 0.3
db:VULHUBid:VHN-56896
Trust: 0.1
db:PACKETSTORMid:115375
Trust: 0.1
sources:
            
            
            VULHUB: VHN-56896 // 
            
            
            
            BID: 54680 // 
            
            
            
            JVNDB: JVNDB-2012-003341 // 
            
            
            
            PACKETSTORM: 115375 // 
            
            
            
            CNNVD: CNNVD-201207-485 // 
            
            
            
            NVD: CVE-2012-3615

REFERENCES
url:http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html
Trust: 1.7
url:http://support.apple.com/kb/ht5400
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2012/sep/msg00001.html
Trust: 1.1
url:http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html
Trust: 1.1
url:http://support.apple.com/kb/ht5485
Trust: 1.1
url:http://support.apple.com/kb/ht5503
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3615
Trust: 0.8
url:http://jvn.jp/cert/jvnvu624491/index.html
Trust: 0.8
url:http://jvn.jp/cert/jvnvu864819/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3615
Trust: 0.8
url:http://www.nsfocus.net/vulndb/20163
Trust: 0.6
url:http://www.nsfocus.net/vulndb/20147
Trust: 0.6
url:http://www.nsfocus.net/vulndb/20739
Trust: 0.6
url:http://www.apple.com/safari/download/
Trust: 0.3
url:http://www.webkit.org/
Trust: 0.3
url:https://launchpad.net/bugs/1027283
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3069
Trust: 0.1
url:http://www.ubuntu.com/usn/usn-1524-1
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3073
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-0672
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-3680
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-3656
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3067
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3074
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-3655
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-3615
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3046
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3075
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3078
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3050
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3068
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3071
Trust: 0.1
sources:
            
            
            VULHUB: VHN-56896 // 
            
            
            
            BID: 54680 // 
            
            
            
            JVNDB: JVNDB-2012-003341 // 
            
            
            
            PACKETSTORM: 115375 // 
            
            
            
            CNNVD: CNNVD-201207-485 // 
            
            
            
            NVD: CVE-2012-3615

CREDITS
Dave Mandelin of Mozilla, Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP, Skylined of the Google Chrome Security Team, Apple Product Security, miaubiz, Martin Bar
Trust: 0.3
sources:
            
            
            BID: 54680

SOURCES
db:VULHUBid:VHN-56896
db:BIDid:54680
db:JVNDBid:JVNDB-2012-003341
db:PACKETSTORMid:115375
db:CNNVDid:CNNVD-201207-485
db:NVDid:CVE-2012-3615

LAST UPDATE DATE
2025-04-11T21:41:46.443000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-56896date:2012-09-22T00:00:00
db:BIDid:54680date:2012-10-25T18:40:00
db:JVNDBid:JVNDB-2012-003341date:2012-10-16T00:00:00
db:CNNVDid:CNNVD-201207-485date:2012-07-26T00:00:00
db:NVDid:CVE-2012-3615date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-56896date:2012-07-25T00:00:00
db:BIDid:54680date:2012-07-25T00:00:00
db:JVNDBid:JVNDB-2012-003341date:2012-07-27T00:00:00
db:PACKETSTORMid:115375date:2012-08-09T01:33:19
db:CNNVDid:CNNVD-201207-485date:2012-07-26T00:00:00
db:NVDid:CVE-2012-3615date:2012-07-25T20:55:02.633