Details of VAR-201209-0351

ID

VAR-201209-0351

CVE

CVE-2012-3711

TITLE

plural Apple Used in products WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-004377

DESCRIPTION

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application. Few technical details are currently available. We will update this BID when more information emerges. Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7

Trust: 1.98

sources: NVD: CVE-2012-3711 // JVNDB: JVNDB-2012-004377 // BID: 55534 // VULHUB: VHN-56992

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	eq	version:	4.1.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.6	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.5.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.5	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.8.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.2.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2.12	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1.10	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1.42	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.0.80	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.9.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lte	version:	10.6.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	10.7	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	6.0.1	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	webkit	model:	open source project webkit r82222	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r77705	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52833	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52401	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r51295	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r38566	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r105591	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 55534 // JVNDB: JVNDB-2012-004377 // CNNVD: CNNVD-201209-276 // NVD: CVE-2012-3711

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3711
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3711
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201209-276
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56992
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3711
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56992
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56992 // JVNDB: JVNDB-2012-004377 // CNNVD: CNNVD-201209-276 // NVD: CVE-2012-3711

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3711

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-276

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201209-276

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004377

PATCH

title:	APPLE-SA-2012-09-12-1	url:	http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html	Trust: 0.8
title:	HT5502	url:	http://support.apple.com/kb/HT5502	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485	Trust: 0.8
title:	HT5502	url:	http://support.apple.com/kb/HT5502?viewlocale=ja_JP	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2012-004377

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3711	Trust: 2.8
db:	BID	id:	55534	Trust: 1.4
db:	OSVDB	id:	85394	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-004377	Trust: 0.8
db:	NSFOCUS	id:	20708	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2012-09-12-1	Trust: 0.6
db:	CNNVD	id:	CNNVD-201209-276	Trust: 0.6
db:	VULHUB	id:	VHN-56992	Trust: 0.1

sources: VULHUB: VHN-56992 // BID: 55534 // JVNDB: JVNDB-2012-004377 // CNNVD: CNNVD-201209-276 // NVD: CVE-2012-3711

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00001.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5485	Trust: 1.7
url:	http://support.apple.com/kb/ht5502	Trust: 1.4
url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00005.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/55534	Trust: 1.1
url:	http://osvdb.org/85394	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16638	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/78552	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3711	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu503755/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3711	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20708	Trust: 0.6
url:	http://www.apple.com/itunes/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2012/sep/msg00001.html	Trust: 0.3

sources: VULHUB: VHN-56992 // BID: 55534 // JVNDB: JVNDB-2012-004377 // CNNVD: CNNVD-201209-276 // NVD: CVE-2012-3711

CREDITS

Martin Barbella of the Google Chrome Security Team, miaubiz, Abhishek Arya of the Google Chrome Security Team, Skylined of the Google Chrome Security Team, Yong Li of Research In Motion, Apple Product Security, Dominic Cooney of Google, Apple, Mario Gomes

Trust: 0.3

sources: BID: 55534

SOURCES

db:	VULHUB	id:	VHN-56992
db:	BID	id:	55534
db:	JVNDB	id:	JVNDB-2012-004377
db:	CNNVD	id:	CNNVD-201209-276
db:	NVD	id:	CVE-2012-3711

LAST UPDATE DATE

2025-04-11T21:27:46.814000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56992	date:	2017-09-19T00:00:00
db:	BID	id:	55534	date:	2013-01-28T21:00:00
db:	JVNDB	id:	JVNDB-2012-004377	date:	2012-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201209-276	date:	2012-09-18T00:00:00
db:	NVD	id:	CVE-2012-3711	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56992	date:	2012-09-13T00:00:00
db:	BID	id:	55534	date:	2012-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2012-004377	date:	2012-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201209-276	date:	2012-09-18T00:00:00
db:	NVD	id:	CVE-2012-3711	date:	2012-09-13T10:30:21.433