Details of VAR-201209-0264

ID

VAR-201209-0264

CVE

CVE-2012-3676

TITLE

plural Apple Used in products WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-004358

DESCRIPTION

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application. Few technical details are currently available. We will update this BID when more information emerges. Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7

Trust: 1.98

sources: NVD: CVE-2012-3676 // JVNDB: JVNDB-2012-004358 // BID: 55534 // VULHUB: VHN-56957

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	eq	version:	9.1.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	9.2.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.3	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.6	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.8.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2.12	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1.10	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1.42	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.0.80	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.9.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lte	version:	10.6.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (iphone 3gs or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipod touch first 4 after generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	10.7	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	6.0.1	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	webkit	model:	open source project webkit r82222	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r77705	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52833	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52401	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r51295	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r38566	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r105591	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 55534 // JVNDB: JVNDB-2012-004358 // CNNVD: CNNVD-201209-257 // NVD: CVE-2012-3676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3676
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3676
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201209-257
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56957
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3676
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56957
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56957 // JVNDB: JVNDB-2012-004358 // CNNVD: CNNVD-201209-257 // NVD: CVE-2012-3676

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3676

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-257

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201209-257

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004358

PATCH

title:	APPLE-SA-2012-09-12-1	url:	http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503	Trust: 0.8
title:	HT5502	url:	http://support.apple.com/kb/HT5502	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485	Trust: 0.8
title:	HT5502	url:	http://support.apple.com/kb/HT5502?viewlocale=ja_JP	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485?viewlocale=ja_JP	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503?viewlocale=ja_JP	Trust: 0.8
title:	iTunesSetup_11.0.0.163	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44852	Trust: 0.6

sources: JVNDB: JVNDB-2012-004358 // CNNVD: CNNVD-201209-257

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3676	Trust: 2.8
db:	BID	id:	55534	Trust: 1.4
db:	OSVDB	id:	85374	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-004358	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-257	Trust: 0.7
db:	NSFOCUS	id:	20722	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2012-09-12-1	Trust: 0.6
db:	VULHUB	id:	VHN-56957	Trust: 0.1

sources: VULHUB: VHN-56957 // BID: 55534 // JVNDB: JVNDB-2012-004358 // CNNVD: CNNVD-201209-257 // NVD: CVE-2012-3676

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00001.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5485	Trust: 1.7
url:	http://support.apple.com/kb/ht5502	Trust: 1.4
url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html	Trust: 1.1
url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00005.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/55534	Trust: 1.1
url:	http://support.apple.com/kb/ht5503	Trust: 1.1
url:	http://osvdb.org/85374	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17352	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/78525	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3676	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu503755/index.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu624491/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3676	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20722	Trust: 0.6
url:	http://www.apple.com/itunes/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2012/sep/msg00001.html	Trust: 0.3

sources: VULHUB: VHN-56957 // BID: 55534 // JVNDB: JVNDB-2012-004358 // CNNVD: CNNVD-201209-257 // NVD: CVE-2012-3676

CREDITS

Martin Barbella of the Google Chrome Security Team, miaubiz, Abhishek Arya of the Google Chrome Security Team, Skylined of the Google Chrome Security Team, Yong Li of Research In Motion, Apple Product Security, Dominic Cooney of Google, Apple, Mario Gomes

Trust: 0.3

sources: BID: 55534

SOURCES

db:	VULHUB	id:	VHN-56957
db:	BID	id:	55534
db:	JVNDB	id:	JVNDB-2012-004358
db:	CNNVD	id:	CNNVD-201209-257
db:	NVD	id:	CVE-2012-3676

LAST UPDATE DATE

2025-04-11T21:43:13.136000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56957	date:	2017-09-19T00:00:00
db:	BID	id:	55534	date:	2013-01-28T21:00:00
db:	JVNDB	id:	JVNDB-2012-004358	date:	2012-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201209-257	date:	2012-09-18T00:00:00
db:	NVD	id:	CVE-2012-3676	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56957	date:	2012-09-13T00:00:00
db:	BID	id:	55534	date:	2012-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2012-004358	date:	2012-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201209-257	date:	2012-09-18T00:00:00
db:	NVD	id:	CVE-2012-3676	date:	2012-09-13T10:30:20.557