Details of VAR-201207-0206

ID

VAR-201207-0206

CVE

CVE-2012-3603

TITLE

plural Apple Used in products WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-003334

DESCRIPTION

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities. Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. Note: This issue was previously discussed in BID 54669 (Apple Safari Prior to 6.0 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. Vulnerabilities exist in using WebKit in versions prior to Apple Safari 6.0

Trust: 1.98

sources: NVD: CVE-2012-3603 // JVNDB: JVNDB-2012-003334 // BID: 54680 // VULHUB: VHN-56884

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	5.1.6	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.1.2	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.1.3	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.1.5	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4b	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	4.0.0b	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	5.1.7	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0b1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.9
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (iphone 3gs or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipod touch first 4 after generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	10.7	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	6.0 (mac os)	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	webkit	model:	open source project webkit r82222	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r77705	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52833	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52401	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r51295	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r38566	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.x	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2-1	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.5	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4	Trust: 0.3

sources: BID: 54680 // JVNDB: JVNDB-2012-003334 // CNNVD: CNNVD-201207-478 // NVD: CVE-2012-3603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3603
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-3603
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201207-478
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-56884
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-3603
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56884
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56884 // JVNDB: JVNDB-2012-003334 // CNNVD: CNNVD-201207-478 // NVD: CVE-2012-3603

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3603

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-478

TYPE

Unknown

Trust: 0.3

sources: BID: 54680

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003334

PATCH

title:	APPLE-SA-2012-07-25-1	url:	http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503	Trust: 0.8
title:	HT5400	url:	http://support.apple.com/kb/HT5400	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485?viewlocale=ja_JP	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2012-003334

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3603	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-003334	Trust: 0.8
db:	CNNVD	id:	CNNVD-201207-478	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-07-25-1	Trust: 0.6
db:	NSFOCUS	id:	20163	Trust: 0.6
db:	NSFOCUS	id:	20147	Trust: 0.6
db:	BID	id:	54680	Trust: 0.3
db:	VULHUB	id:	VHN-56884	Trust: 0.1

sources: VULHUB: VHN-56884 // BID: 54680 // JVNDB: JVNDB-2012-003334 // CNNVD: CNNVD-201207-478 // NVD: CVE-2012-3603

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5400	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00001.html	Trust: 1.1
url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html	Trust: 1.1
url:	http://support.apple.com/kb/ht5485	Trust: 1.1
url:	http://support.apple.com/kb/ht5503	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3603	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu624491/index.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu864819/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3603	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20163	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/20147	Trust: 0.6
url:	http://www.apple.com/safari/download/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3

sources: VULHUB: VHN-56884 // BID: 54680 // JVNDB: JVNDB-2012-003334 // CNNVD: CNNVD-201207-478 // NVD: CVE-2012-3603

CREDITS

Dave Mandelin of Mozilla, Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP, Skylined of the Google Chrome Security Team, Apple Product Security, miaubiz, Martin Bar

Trust: 0.3

sources: BID: 54680

SOURCES

db:	VULHUB	id:	VHN-56884
db:	BID	id:	54680
db:	JVNDB	id:	JVNDB-2012-003334
db:	CNNVD	id:	CNNVD-201207-478
db:	NVD	id:	CVE-2012-3603

LAST UPDATE DATE

2025-04-11T22:08:14.134000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56884	date:	2012-09-22T00:00:00
db:	BID	id:	54680	date:	2012-10-25T18:40:00
db:	JVNDB	id:	JVNDB-2012-003334	date:	2012-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201207-478	date:	2012-07-26T00:00:00
db:	NVD	id:	CVE-2012-3603	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56884	date:	2012-07-25T00:00:00
db:	BID	id:	54680	date:	2012-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2012-003334	date:	2012-07-27T00:00:00
db:	CNNVD	id:	CNNVD-201207-478	date:	2012-07-26T00:00:00
db:	NVD	id:	CVE-2012-3603	date:	2012-07-25T20:55:02.273