Details of VAR-201207-0526

ID

VAR-201207-0526

CVE

CVE-2012-2647

TITLE

Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration

Trust: 0.8

sources: JVNDB: JVNDB-2012-000072

DESCRIPTION

Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may alter the toolbar. As a result, keywords entered in the toolbar may be leaked to a third party. Toolbar is prone to a remote security vulnerability. Yahoo! Toolbar (Yahoo! Toolbar) is a web browser toolbar of Yahoo! (Yahoo!) that can be used on Microsoft IE and Mozilla Firefox. It supports custom toolbars, and can check emails and browse the weather anytime, anywhere Forecasts, news, and other information

Trust: 1.98

sources: NVD: CVE-2012-2647 // JVNDB: JVNDB-2012-000072 // BID: 78201 // VULHUB: VHN-55928

AFFECTED PRODUCTS

vendor:	yahoo	model:	toolbar	scope:	lte	version:	1.0.0.5	Trust: 1.0
vendor:	yahoo	model:	toolbar	scope:	eq	version:	1.0.0.5	Trust: 0.9
vendor:	yahoo	model:	installer of yahoo! toolbar	scope:	lte	version:	for chrome ver.1.0.0.5	Trust: 0.8
vendor:	yahoo	model:	installer of yahoo! toolbar	scope:	lte	version:	for safari ver.1.0.0.5	Trust: 0.8

sources: BID: 78201 // JVNDB: JVNDB-2012-000072 // CNNVD: CNNVD-201207-601 // NVD: CVE-2012-2647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-2647
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2012-000072
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201207-601
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-55928
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-2647
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2012-000072
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-55928
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-55928 // JVNDB: JVNDB-2012-000072 // CNNVD: CNNVD-201207-601 // NVD: CVE-2012-2647

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-55928 // JVNDB: JVNDB-2012-000072 // NVD: CVE-2012-2647

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-601

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201207-601

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-000072

PATCH

title:

Yahoo! Toolbar

url:

http://toolbar.yahoo.co.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2012-000072

EXTERNAL IDS

db:	NVD	id:	CVE-2012-2647	Trust: 2.8
db:	JVN	id:	JVN51769987	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-000072	Trust: 2.8
db:	CNNVD	id:	CNNVD-201207-601	Trust: 0.7
db:	JVN	id:	JVN#51769987	Trust: 0.6
db:	BID	id:	78201	Trust: 0.4
db:	VULHUB	id:	VHN-55928	Trust: 0.1

sources: VULHUB: VHN-55928 // BID: 78201 // JVNDB: JVNDB-2012-000072 // CNNVD: CNNVD-201207-601 // NVD: CVE-2012-2647

REFERENCES

url:	http://jvn.jp/en/jp/jvn51769987/index.html	Trust: 2.0
url:	http://jvndb.jvn.jp/jvndb/jvndb-2012-000072	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2647	Trust: 0.8
url:	http://jvn.jp/en/jp/jvn51769987/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2647	Trust: 0.8

sources: VULHUB: VHN-55928 // BID: 78201 // JVNDB: JVNDB-2012-000072 // CNNVD: CNNVD-201207-601 // NVD: CVE-2012-2647

CREDITS

Unknown

Trust: 0.3

sources: BID: 78201

SOURCES

db:	VULHUB	id:	VHN-55928
db:	BID	id:	78201
db:	JVNDB	id:	JVNDB-2012-000072
db:	CNNVD	id:	CNNVD-201207-601
db:	NVD	id:	CVE-2012-2647

LAST UPDATE DATE

2025-04-11T23:04:12.970000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-55928	date:	2012-07-31T00:00:00
db:	BID	id:	78201	date:	2012-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2012-000072	date:	2012-08-02T00:00:00
db:	CNNVD	id:	CNNVD-201207-601	date:	2012-08-01T00:00:00
db:	NVD	id:	CVE-2012-2647	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-55928	date:	2012-07-31T00:00:00
db:	BID	id:	78201	date:	2012-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2012-000072	date:	2012-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201207-601	date:	2012-07-31T00:00:00
db:	NVD	id:	CVE-2012-2647	date:	2012-07-31T10:45:42.093