Details of VAR-201209-0369

ID

VAR-201209-0369

CVE

CVE-2012-3730

TITLE

Apple iOS Forged file attachment vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-004535

DESCRIPTION

Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions by spoofing email attachments, allowing the attacker to perform malicious activities. Other attacks may also be possible. Note: This issue was previously discussed in BID 55612 (Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.98

sources: NVD: CVE-2012-3730 // JVNDB: JVNDB-2012-004535 // BID: 56296 // VULHUB: VHN-57011

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	5.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.5	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.8	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.3	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	5.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (iphone 3gs or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipod touch first 4 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	5.1.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	iphone ipad	scope:	eq	version:	3.2.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios beta	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	6	Trust: 0.3

sources: BID: 56296 // JVNDB: JVNDB-2012-004535 // CNNVD: CNNVD-201209-451 // NVD: CVE-2012-3730

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3730
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3730
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201209-451
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57011
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3730
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57011
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57011 // JVNDB: JVNDB-2012-004535 // CNNVD: CNNVD-201209-451 // NVD: CVE-2012-3730

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-DesignError	Trust: 0.8

sources: JVNDB: JVNDB-2012-004535 // NVD: CVE-2012-3730

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-451

TYPE

Design Error

Trust: 0.9

sources: BID: 56296 // CNNVD: CNNVD-201209-451

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004535

PATCH

title:	APPLE-SA-2012-09-19-1	url:	http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2012-004535

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3730	Trust: 2.8
db:	OSVDB	id:	85626	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-004535	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-451	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-09-19-1	Trust: 0.6
db:	BID	id:	56296	Trust: 0.4
db:	VULHUB	id:	VHN-57011	Trust: 0.1

sources: VULHUB: VHN-57011 // BID: 56296 // JVNDB: JVNDB-2012-004535 // CNNVD: CNNVD-201209-451 // NVD: CVE-2012-3730

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html	Trust: 2.0
url:	http://support.apple.com/kb/ht5503	Trust: 1.7
url:	http://osvdb.org/85626	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/78717	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3730	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu624491/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3730	Trust: 0.8
url:	http://www.apple.com/iphone/softwareupdate/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-57011 // BID: 56296 // JVNDB: JVNDB-2012-004535 // CNNVD: CNNVD-201209-451 // NVD: CVE-2012-3730

CREDITS

Angelo Prado of the salesforce.com Product Security Team

Trust: 0.3

sources: BID: 56296

SOURCES

db:	VULHUB	id:	VHN-57011
db:	BID	id:	56296
db:	JVNDB	id:	JVNDB-2012-004535
db:	CNNVD	id:	CNNVD-201209-451
db:	NVD	id:	CVE-2012-3730

LAST UPDATE DATE

2025-04-11T20:35:02.978000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57011	date:	2017-08-29T00:00:00
db:	BID	id:	56296	date:	2015-03-19T08:33:00
db:	JVNDB	id:	JVNDB-2012-004535	date:	2012-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201209-451	date:	2012-09-24T00:00:00
db:	NVD	id:	CVE-2012-3730	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57011	date:	2012-09-20T00:00:00
db:	BID	id:	56296	date:	2012-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2012-004535	date:	2012-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201209-451	date:	2012-09-24T00:00:00
db:	NVD	id:	CVE-2012-3730	date:	2012-09-20T21:55:03.453