ID

VAR-201207-0207


CVE

CVE-2012-3604


TITLE

WebKit used in multiple Apple products vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-003335

DESCRIPTION

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

WebKit is prone to multiple unspecified remote code-execution vulnerabilities. Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. Note: This issue was previously discussed in BID 54669 (Apple Safari Prior to 6.0 Multiple Security Vulnerabilities), but has been given its own record to better document it.

Apple Safari is a web browser developed by Apple and is the default browser included with the Mac OS X and iOS operating systems. The vulnerability exists in WebKit as used in versions prior to Apple Safari 6.0.

============================================================================
Ubuntu Security Notice USN-1617-1
October 25, 2012

webkit vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Multiple security vulnerabilities were fixed in WebKit.

Software Description:
- webkit: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKit browser and JavaScript engines.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
  libjavascriptcoregtk-1.0-0      1.8.3-0ubuntu0.12.04.1
  libjavascriptcoregtk-3.0-0      1.8.3-0ubuntu0.12.04.1
  libwebkitgtk-1.0-0              1.8.3-0ubuntu0.12.04.1
  libwebkitgtk-3.0-0              1.8.3-0ubuntu0.12.04.1

After a standard system update you need to restart your session to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1617-1
  CVE-2011-3031, CVE-2011-3038, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3051, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3076, CVE-2011-3081, CVE-2011-3086, CVE-2011-3090, CVE-2012-1521, CVE-2012-3598, CVE-2012-3601, CVE-2012-3604, CVE-2012-3611, CVE-2012-3612, CVE-2012-3617, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3645, CVE-2012-3652, CVE-2012-3657, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671, CVE-2012-3672, CVE-2012-3674, CVE-2012-3674, https://launchpad.net/bugs/1058339

Package Information:
  https://launchpad.net/ubuntu/+source/webkit/1.8.3-0ubuntu0.12.04.1

Trust: 2.07

sources: NVD: CVE-2012-3604 // JVNDB: JVNDB-2012-003335 // BID: 54680 // VULHUB: VHN-56885 // PACKETSTORM: 117673

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:1.2.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.1b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0b1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.3.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.1.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 1.0

vendor:applemodel:safariscope:lteversion:5.1.7

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.6

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.0

vendor:applemodel:iosscope:ltversion:6 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:6 (iphone 3gs or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:6 (ipod touch first 4 after generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:10.7

Trust: 0.8

vendor:applemodel:safariscope:ltversion:6.0 (mac os)

Trust: 0.8

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.5

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.3

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2

Trust: 0.3

vendor:webkitmodel:open source project webkit r82222scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r77705scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52833scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52401scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r51295scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r38566scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.x

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2-1

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

sources: BID: 54680 // JVNDB: JVNDB-2012-003335 // CNNVD: CNNVD-201207-479 // NVD: CVE-2012-3604

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3604
value: HIGH

Trust: 1.0

NVD: CVE-2012-3604
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201207-479
value: CRITICAL

Trust: 0.6

VULHUB: VHN-56885
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-3604
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-56885
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56885 // JVNDB: JVNDB-2012-003335 // CNNVD: CNNVD-201207-479 // NVD: CVE-2012-3604

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3604

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 117673 // CNNVD: CNNVD-201207-479

TYPE

Unknown

Trust: 0.3

sources: BID: 54680

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003335

PATCH

title:APPLE-SA-2012-07-25-1url:http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html

Trust: 0.8

title:HT5485url:http://support.apple.com/kb/HT5485

Trust: 0.8

title:HT5503url:http://support.apple.com/kb/HT5503

Trust: 0.8

title:HT5400url:http://support.apple.com/kb/HT5400

Trust: 0.8

title:HT5485url:http://support.apple.com/kb/HT5485?viewlocale=ja_JP

Trust: 0.8

title:HT5503url:http://support.apple.com/kb/HT5503?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2012-003335

EXTERNAL IDS

db:NVDid:CVE-2012-3604

Trust: 2.9

db:JVNDBid:JVNDB-2012-003335

Trust: 0.8

db:CNNVDid:CNNVD-201207-479

Trust: 0.7

db:APPLEid:APPLE-SA-2012-07-25-1

Trust: 0.6

db:NSFOCUSid:20163

Trust: 0.6

db:NSFOCUSid:20147

Trust: 0.6

db:BIDid:54680

Trust: 0.3

db:VULHUBid:VHN-56885

Trust: 0.1

db:PACKETSTORMid:117673

Trust: 0.1

sources: VULHUB: VHN-56885 // BID: 54680 // JVNDB: JVNDB-2012-003335 // PACKETSTORM: 117673 // CNNVD: CNNVD-201207-479 // NVD: CVE-2012-3604

REFERENCES

url:http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html

Trust: 1.7

url:http://support.apple.com/kb/ht5400

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2012/sep/msg00001.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html

Trust: 1.1

url:http://support.apple.com/kb/ht5485

Trust: 1.1

url:http://support.apple.com/kb/ht5503

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3604

Trust: 0.8

url:http://jvn.jp/cert/jvnvu624491/index.html

Trust: 0.8

url:http://jvn.jp/cert/jvnvu864819/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3604

Trust: 0.8

url:http://www.nsfocus.net/vulndb/20163

Trust: 0.6

url:http://www.nsfocus.net/vulndb/20147

Trust: 0.6

url:http://www.apple.com/safari/download/

Trust: 0.3

url:http://www.webkit.org/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-3625

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3059

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3067

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3051

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1617-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3598

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3060

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3031

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3038

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3645

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3064

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3043

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3090

Trust: 0.1

url:https://launchpad.net/bugs/1058339

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3626

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1521

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3044

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3086

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3053

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3611

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3076

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3604

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3601

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3081

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3652

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3617

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkit/1.8.3-0ubuntu0.12.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3612

Trust: 0.1

sources: VULHUB: VHN-56885 // BID: 54680 // JVNDB: JVNDB-2012-003335 // PACKETSTORM: 117673 // CNNVD: CNNVD-201207-479 // NVD: CVE-2012-3604

CREDITS

Dave Mandelin of Mozilla, Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP, Skylined of the Google Chrome Security Team, Apple Product Security, miaubiz, Martin Bar

Trust: 0.3

sources: BID: 54680

SOURCES

db:VULHUBid:VHN-56885
db:BIDid:54680
db:JVNDBid:JVNDB-2012-003335
db:PACKETSTORMid:117673
db:CNNVDid:CNNVD-201207-479
db:NVDid:CVE-2012-3604

LAST UPDATE DATE

2025-04-11T21:48:43.891000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-56885date:2012-09-22T00:00:00
db:BIDid:54680date:2012-10-25T18:40:00
db:JVNDBid:JVNDB-2012-003335date:2012-10-16T00:00:00
db:CNNVDid:CNNVD-201207-479date:2012-07-26T00:00:00
db:NVDid:CVE-2012-3604date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:VULHUBid:VHN-56885date:2012-07-25T00:00:00
db:BIDid:54680date:2012-07-25T00:00:00
db:JVNDBid:JVNDB-2012-003335date:2012-07-27T00:00:00
db:PACKETSTORMid:117673date:2012-10-25T20:48:27
db:CNNVDid:CNNVD-201207-479date:2012-07-26T00:00:00
db:NVDid:CVE-2012-3604date:2012-07-25T20:55:02.320