Sign-up

ID

VAR-201207-0275


CVE

CVE-2012-3655


TITLE

plural Apple Used in products WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-003365

DESCRIPTION

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. WebKit is prone to multiple unspecified remote code-execution vulnerabilities. Attackers can exploit these issues by performing a man-in-the-middle attack. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. Note: This issue was previously discussed in BID 54669 (Apple Safari Prior to 6.0 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. Vulnerabilities exist in using WebKit in versions prior to Apple Safari 6.0. ============================================================================ Ubuntu Security Notice USN-1524-1 August 08, 2012 webkit vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Multiple security vulnerabilities were fixed in WebKit. Software Description: - webkit: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKit browser and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1 libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1 libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1 libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1524-1 CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615, CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283 Package Information: https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1

Trust: 2.07

sources: NVD: CVE-2012-3655 // JVNDB: JVNDB-2012-003365 // BID: 54680 // VULHUB: VHN-56936 // PACKETSTORM: 115375

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:1.2.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.1b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0b1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.1.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.0b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 1.0

vendor:applemodel:safariscope:lteversion:5.1.7

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.6

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.0

vendor:applemodel:iosscope:ltversion:6 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:6 (iphone 3gs or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:6 (ipod touch first 4 after generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:10.7

Trust: 0.8

vendor:applemodel:safariscope:ltversion:6.0 (mac os)

Trust: 0.8

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.5

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.3

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2

Trust: 0.3

vendor:webkitmodel:open source project webkit r82222scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r77705scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52833scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52401scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r51295scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r38566scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.x

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2-1

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

sources: BID: 54680 // JVNDB: JVNDB-2012-003365 // CNNVD: CNNVD-201207-509 // NVD: CVE-2012-3655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3655
value: HIGH

Trust: 1.0

NVD: CVE-2012-3655
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201207-509
value: CRITICAL

Trust: 0.6

VULHUB: VHN-56936
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-3655
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-56936
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56936 // JVNDB: JVNDB-2012-003365 // CNNVD: CNNVD-201207-509 // NVD: CVE-2012-3655

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-56936 // JVNDB: JVNDB-2012-003365 // NVD: CVE-2012-3655

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 115375 // CNNVD: CNNVD-201207-509

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201207-509

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003365

PATCH
title:APPLE-SA-2012-07-25-1url:http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
Trust: 0.8
title:HT5485url:http://support.apple.com/kb/HT5485
Trust: 0.8
title:HT5503url:http://support.apple.com/kb/HT5503
Trust: 0.8
title:HT5400url:http://support.apple.com/kb/HT5400
Trust: 0.8
title:HT5400url:http://support.apple.com/kb/HT5400?viewlocale=ja_JP
Trust: 0.8
title:HT5503url:http://support.apple.com/kb/HT5503?viewlocale=ja_JP
Trust: 0.8
title:HT5485url:http://support.apple.com/kb/HT5485?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-003365

EXTERNAL IDS
db:NVDid:CVE-2012-3655
Trust: 2.9
db:JVNDBid:JVNDB-2012-003365
Trust: 0.8
db:CNNVDid:CNNVD-201207-509
Trust: 0.7
db:APPLEid:APPLE-SA-2012-07-25-1
Trust: 0.6
db:NSFOCUSid:20163
Trust: 0.6
db:NSFOCUSid:20147
Trust: 0.6
db:BIDid:54680
Trust: 0.3
db:VULHUBid:VHN-56936
Trust: 0.1
db:PACKETSTORMid:115375
Trust: 0.1
sources:
            
            
            VULHUB: VHN-56936 // 
            
            
            
            BID: 54680 // 
            
            
            
            JVNDB: JVNDB-2012-003365 // 
            
            
            
            PACKETSTORM: 115375 // 
            
            
            
            CNNVD: CNNVD-201207-509 // 
            
            
            
            NVD: CVE-2012-3655

REFERENCES
url:http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html
Trust: 1.7
url:http://support.apple.com/kb/ht5400
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2012/sep/msg00001.html
Trust: 1.1
url:http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html
Trust: 1.1
url:http://support.apple.com/kb/ht5485
Trust: 1.1
url:http://support.apple.com/kb/ht5503
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3655
Trust: 0.8
url:http://jvn.jp/cert/jvnvu864819/index.html
Trust: 0.8
url:http://jvn.jp/cert/jvnvu624491
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3655
Trust: 0.8
url:http://www.nsfocus.net/vulndb/20163
Trust: 0.6
url:http://www.nsfocus.net/vulndb/20147
Trust: 0.6
url:http://www.apple.com/safari/download/
Trust: 0.3
url:http://www.webkit.org/
Trust: 0.3
url:https://launchpad.net/bugs/1027283
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3069
Trust: 0.1
url:http://www.ubuntu.com/usn/usn-1524-1
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3073
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-0672
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-3680
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-3656
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3067
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3074
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-3655
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-3615
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3046
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3075
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3078
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3050
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3068
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3071
Trust: 0.1
sources:
            
            
            VULHUB: VHN-56936 // 
            
            
            
            BID: 54680 // 
            
            
            
            JVNDB: JVNDB-2012-003365 // 
            
            
            
            PACKETSTORM: 115375 // 
            
            
            
            CNNVD: CNNVD-201207-509 // 
            
            
            
            NVD: CVE-2012-3655

CREDITS
Dave Mandelin of Mozilla, Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP, Skylined of the Google Chrome Security Team, Apple Product Security, miaubiz, Martin Bar
Trust: 0.3
sources:
            
            
            BID: 54680

SOURCES
db:VULHUBid:VHN-56936
db:BIDid:54680
db:JVNDBid:JVNDB-2012-003365
db:PACKETSTORMid:115375
db:CNNVDid:CNNVD-201207-509
db:NVDid:CVE-2012-3655

LAST UPDATE DATE
2025-04-11T21:18:59.932000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-56936date:2012-09-22T00:00:00
db:BIDid:54680date:2012-10-25T18:40:00
db:JVNDBid:JVNDB-2012-003365date:2012-10-17T00:00:00
db:CNNVDid:CNNVD-201207-509date:2012-07-26T00:00:00
db:NVDid:CVE-2012-3655date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-56936date:2012-07-25T00:00:00
db:BIDid:54680date:2012-07-25T00:00:00
db:JVNDBid:JVNDB-2012-003365date:2012-07-27T00:00:00
db:PACKETSTORMid:115375date:2012-08-09T01:33:19
db:CNNVDid:CNNVD-201207-509date:2012-07-26T00:00:00
db:NVDid:CVE-2012-3655date:2012-07-25T20:55:03.960