Details of VAR-201209-0401

ID

VAR-201209-0401

CVE

CVE-2012-3706

TITLE

plural Apple Used in products WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-004372

DESCRIPTION

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application. Few technical details are currently available. We will update this BID when more information emerges. Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7

Trust: 1.98

sources: NVD: CVE-2012-3706 // JVNDB: JVNDB-2012-004372 // BID: 55534 // VULHUB: VHN-56987

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	eq	version:	7.1.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.6	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.8.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.2.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2.12	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1.10	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1.42	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.0.80	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.9.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lte	version:	10.6.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (iphone 3gs or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipod touch first 4 after generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	10.7	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	6.0.1	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	webkit	model:	open source project webkit r82222	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r77705	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52833	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52401	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r51295	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r38566	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r105591	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 55534 // JVNDB: JVNDB-2012-004372 // CNNVD: CNNVD-201209-271 // NVD: CVE-2012-3706

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3706
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3706
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201209-271
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56987
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3706
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56987
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56987 // JVNDB: JVNDB-2012-004372 // CNNVD: CNNVD-201209-271 // NVD: CVE-2012-3706

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3706

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-271

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201209-271

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004372

PATCH

title:	APPLE-SA-2012-09-12-1	url:	http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503	Trust: 0.8
title:	HT5502	url:	http://support.apple.com/kb/HT5502	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485	Trust: 0.8
title:	HT5502	url:	http://support.apple.com/kb/HT5502?viewlocale=ja_JP	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485?viewlocale=ja_JP	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503?viewlocale=ja_JP	Trust: 0.8
title:	iTunesSetup_11.0.0.163	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44852	Trust: 0.6

sources: JVNDB: JVNDB-2012-004372 // CNNVD: CNNVD-201209-271

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3706	Trust: 2.8
db:	BID	id:	55534	Trust: 1.4
db:	OSVDB	id:	85389	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-004372	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-271	Trust: 0.7
db:	NSFOCUS	id:	20736	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2012-09-12-1	Trust: 0.6
db:	VULHUB	id:	VHN-56987	Trust: 0.1

sources: VULHUB: VHN-56987 // BID: 55534 // JVNDB: JVNDB-2012-004372 // CNNVD: CNNVD-201209-271 // NVD: CVE-2012-3706

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00001.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5485	Trust: 1.7
url:	http://support.apple.com/kb/ht5502	Trust: 1.4
url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html	Trust: 1.1
url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00005.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/55534	Trust: 1.1
url:	http://support.apple.com/kb/ht5503	Trust: 1.1
url:	http://osvdb.org/85389	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17518	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/78543	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3706	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu503755/index.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu624491/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3706	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20736	Trust: 0.6
url:	http://www.apple.com/itunes/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2012/sep/msg00001.html	Trust: 0.3

sources: VULHUB: VHN-56987 // BID: 55534 // JVNDB: JVNDB-2012-004372 // CNNVD: CNNVD-201209-271 // NVD: CVE-2012-3706

CREDITS

Martin Barbella of the Google Chrome Security Team, miaubiz, Abhishek Arya of the Google Chrome Security Team, Skylined of the Google Chrome Security Team, Yong Li of Research In Motion, Apple Product Security, Dominic Cooney of Google, Apple, Mario Gomes

Trust: 0.3

sources: BID: 55534

SOURCES

db:	VULHUB	id:	VHN-56987
db:	BID	id:	55534
db:	JVNDB	id:	JVNDB-2012-004372
db:	CNNVD	id:	CNNVD-201209-271
db:	NVD	id:	CVE-2012-3706

LAST UPDATE DATE

2025-04-11T20:38:07.936000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56987	date:	2017-09-19T00:00:00
db:	BID	id:	55534	date:	2013-01-28T21:00:00
db:	JVNDB	id:	JVNDB-2012-004372	date:	2012-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201209-271	date:	2012-09-18T00:00:00
db:	NVD	id:	CVE-2012-3706	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56987	date:	2012-09-13T00:00:00
db:	BID	id:	55534	date:	2012-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2012-004372	date:	2012-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201209-271	date:	2012-09-18T00:00:00
db:	NVD	id:	CVE-2012-3706	date:	2012-09-13T10:30:21.183