Details of VAR-201209-0400

ID

VAR-201209-0400

CVE

CVE-2012-3705

TITLE

plural Apple Used in products WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-004371

DESCRIPTION

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application. Few technical details are currently available. We will update this BID when more information emerges. Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7

Trust: 1.98

sources: NVD: CVE-2012-3705 // JVNDB: JVNDB-2012-004371 // BID: 55534 // VULHUB: VHN-56986

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	eq	version:	4.6.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.7	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.5.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.6	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.8.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.2.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2.12	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1.10	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1.42	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.0.80	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.9.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lte	version:	10.6.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	10.7	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	6.0.1	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	webkit	model:	open source project webkit r82222	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r77705	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52833	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52401	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r51295	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r38566	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r105591	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 55534 // JVNDB: JVNDB-2012-004371 // CNNVD: CNNVD-201209-270 // NVD: CVE-2012-3705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3705
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3705
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201209-270
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56986
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3705
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56986
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56986 // JVNDB: JVNDB-2012-004371 // CNNVD: CNNVD-201209-270 // NVD: CVE-2012-3705

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3705

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-270

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201209-270

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004371

PATCH

title:	APPLE-SA-2012-09-12-1	url:	http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html	Trust: 0.8
title:	HT5502	url:	http://support.apple.com/kb/HT5502	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485	Trust: 0.8
title:	HT5502	url:	http://support.apple.com/kb/HT5502?viewlocale=ja_JP	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2012-004371

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3705	Trust: 2.8
db:	BID	id:	55534	Trust: 1.4
db:	OSVDB	id:	85388	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-004371	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-270	Trust: 0.7
db:	NSFOCUS	id:	20737	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2012-09-12-1	Trust: 0.6
db:	VULHUB	id:	VHN-56986	Trust: 0.1

sources: VULHUB: VHN-56986 // BID: 55534 // JVNDB: JVNDB-2012-004371 // CNNVD: CNNVD-201209-270 // NVD: CVE-2012-3705

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00001.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5485	Trust: 1.7
url:	http://support.apple.com/kb/ht5502	Trust: 1.4
url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00005.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/55534	Trust: 1.1
url:	http://osvdb.org/85388	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17546	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/78537	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3705	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu503755/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3705	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20737	Trust: 0.6
url:	http://www.apple.com/itunes/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2012/sep/msg00001.html	Trust: 0.3

sources: VULHUB: VHN-56986 // BID: 55534 // JVNDB: JVNDB-2012-004371 // CNNVD: CNNVD-201209-270 // NVD: CVE-2012-3705

CREDITS

Martin Barbella of the Google Chrome Security Team, miaubiz, Abhishek Arya of the Google Chrome Security Team, Skylined of the Google Chrome Security Team, Yong Li of Research In Motion, Apple Product Security, Dominic Cooney of Google, Apple, Mario Gomes

Trust: 0.3

sources: BID: 55534

SOURCES

db:	VULHUB	id:	VHN-56986
db:	BID	id:	55534
db:	JVNDB	id:	JVNDB-2012-004371
db:	CNNVD	id:	CNNVD-201209-270
db:	NVD	id:	CVE-2012-3705

LAST UPDATE DATE

2025-04-11T22:34:11.551000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56986	date:	2017-09-19T00:00:00
db:	BID	id:	55534	date:	2013-01-28T21:00:00
db:	JVNDB	id:	JVNDB-2012-004371	date:	2012-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201209-270	date:	2012-09-18T00:00:00
db:	NVD	id:	CVE-2012-3705	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56986	date:	2012-09-13T00:00:00
db:	BID	id:	55534	date:	2012-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2012-004371	date:	2012-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201209-270	date:	2012-09-18T00:00:00
db:	NVD	id:	CVE-2012-3705	date:	2012-09-13T10:30:21.137