ID

VAR-201312-0381


CVE

CVE-2013-5195


TITLE

WebKit, as used in Apple Safari and other products, is vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2013-005592

DESCRIPTION

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

WebKit, as used in Apple Safari and other products, is prone to an unspecified memory-corruption vulnerability. An attacker may exploit this issue by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible.

BUGTRAQ ID: 64353
CVE(CAN) ID: CVE-2013-5195

WebKit is an open source browser engine; it is also the name of the system engine framework in Apple's Mac OS X.

Affected versions listed:
WebKit Open Source Project WebKit 2
WebKit Open Source Project WebKit 1.2.5
WebKit Open Source Project WebKit 1.2.3
WebKit Open Source Project WebKit 1.2.2-1
WebKit Open Source Project WebKit 1.2.2

Vendor Patch: Apple

Apple has released a security bulletin (HT6082) and corresponding patches for this issue:
HT6082: About the security content of Safari 6.1.1 and Safari 7.0.1
Link: http://support.apple.com/kb/HT6082

APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1

Safari 6.1.1 and Safari 7.0.1 are now available and address the following:

Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9
Impact: User credentials may be disclosed to an unexpected site via autofill
Description: Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5227 : Niklas Malmgren of Klarna AB

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2909 : Atte Kettunen of OUSPG
CVE-2013-5195 : Apple
CVE-2013-5196 : Google Chrome Security Team
CVE-2013-5197 : Google Chrome Security Team
CVE-2013-5198 : Apple
CVE-2013-5199 : Apple
CVE-2013-5225 : Google Chrome Security Team
CVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day Initiative

For OS X Mavericks systems, Safari 7.0.1 will be included in OS X Mavericks 10.9.1.

For OS X Mountain Lion systems Safari 6.1 may be obtained from Mac App Store.

For OS X Lion systems Safari 6.1 is available via the Apple Software Update application.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.07

sources: NVD: CVE-2013-5195 // JVNDB: JVNDB-2013-005592 // BID: 64353 // VULHUB: VHN-65197 // PACKETSTORM: 124511

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 7.0

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 6.0.1

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 6.0.2

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 6.0

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 6.0.5

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 6.0.4

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 6.0.3

Trust: 1.6

vendor: apple, model: webkit, scope: -, version: -

Trust: 1.4

vendor: apple, model: safari, scope: lte, version: 6.1

Trust: 1.0

vendor: apple, model: webkit, scope: eq, version: *

Trust: 1.0

vendor: apple, model: itunes, scope: lte, version: 12.0

Trust: 1.0

vendor: apple, model: itunes, scope: lt, version: (windows)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: (os x mountain lion v10.8.5)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 7.x (os x mavericks v10.9)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 7.x (os x lion v10.7.5)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 7.x (os x mountain lion v10.8.5)

Trust: 0.8

vendor: apple, model: safari, scope: eq, version: 6.1.1

Trust: 0.8

vendor: apple, model: safari, scope: eq, version: 7.0.1

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 7.x (os x lion server v10.7.5)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: (os x mavericks v10.9)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: (os x lion server v10.7.5)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: (os x lion v10.7.5)

Trust: 0.8

vendor: apple, model: itunes, scope: eq, version: 12.0.1

Trust: 0.8

vendor: apple, model: safari, scope: eq, version: 6.1

Trust: 0.6

vendor: apple, model: itunes, scope: eq, version: 12.0

Trust: 0.6

vendor: webkit, model: open source project webkit, scope: eq, version: 1.2.5

Trust: 0.3

vendor: webkit, model: open source project webkit, scope: eq, version: 1.2.3

Trust: 0.3

vendor: webkit, model: open source project webkit, scope: eq, version: 1.2.2

Trust: 0.3

vendor: webkit, model: open source project webkit, scope: eq, version: 2

Trust: 0.3

vendor: webkit, model: open source project webkit, scope: eq, version: 1.2.2-1

Trust: 0.3

vendor: esignal, model: esignal, scope: eq, version: 6.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0.6

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0.5

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0.4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.2.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.0

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.1.7

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.1.4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.1.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0.5

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0.4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.1.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.1.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.5.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 9.2.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 9.0.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 9.0.1.8

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 9.0.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 9.0

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 7.3.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 7.3.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 6.0

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 4.7

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 4.5

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 4.2.72

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 9.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 9.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 8.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 8.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 8.0.2.20

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 7.4

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.6

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.5

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.2.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10

Trust: 0.3

sources: BID: 64353 // JVNDB: JVNDB-2013-005592 // CNNVD: CNNVD-201312-375 // NVD: CVE-2013-5195

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5195
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5195
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-375
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65197
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5195
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65197
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65197 // JVNDB: JVNDB-2013-005592 // CNNVD: CNNVD-201312-375 // NVD: CVE-2013-5195

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-65197 // JVNDB: JVNDB-2013-005592 // NVD: CVE-2013-5195

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-375

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201312-375

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005592

PATCH

title: HT6537, url: http://support.apple.com/en-eu/HT6537

Trust: 0.8

title: HT6082, url: http://support.apple.com/kb/HT6082

Trust: 0.8

title: HT6084, url: http://support.apple.com/kb/HT6084

Trust: 0.8

title: HT6084, url: http://support.apple.com/kb/HT6084?viewlocale=ja_JP

Trust: 0.8

title: HT6537, url: http://support.apple.com/ja-jp/HT6537

Trust: 0.8

title: HT6082, url: http://support.apple.com/kb/HT6082?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2013-005592

EXTERNAL IDS

db: NVD, id: CVE-2013-5195

Trust: 3.0

db: JVN, id: JVNVU98366726

Trust: 0.8

db: JVN, id: JVNVU97537282

Trust: 0.8

db: JVNDB, id: JVNDB-2013-005592

Trust: 0.8

db: APPLE, id: APPLE-SA-2013-12-16-1

Trust: 0.6

db: APPLE, id: APPLE-SA-2013-12-16-2

Trust: 0.6

db: SECUNIA, id: 56122

Trust: 0.6

db: SECUNIA, id: 56144

Trust: 0.6

db: CNNVD, id: CNNVD-201312-375

Trust: 0.6

db: BID, id: 64353

Trust: 0.4

db: SEEBUG, id: SSVID-61194

Trust: 0.1

db: VULHUB, id: VHN-65197

Trust: 0.1

db: PACKETSTORM, id: 128734

Trust: 0.1

db: PACKETSTORM, id: 124511

Trust: 0.1

sources: VULHUB: VHN-65197 // BID: 64353 // JVNDB: JVNDB-2013-005592 // PACKETSTORM: 128734 // PACKETSTORM: 124511 // CNNVD: CNNVD-201312-375 // NVD: CVE-2013-5195

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2013-12/0087.html

Trust: 2.5

url:http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html

Trust: 2.5

url:https://support.apple.com/kb/ht6537

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5195

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97537282/index.html

Trust: 0.8

url:http://jvn.jp/cert/jvnvu98366726/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5195

Trust: 0.8

url:http://secunia.com/advisories/56122

Trust: 0.6

url:http://secunia.com/advisories/56144

Trust: 0.6

url:http://www.apple.com/safari/download/

Trust: 0.3

url:http://www.webkit.org/

Trust: 0.3

url:http://support.apple.com/kb/ht1222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-5228

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-5196

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-5198

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:http://gpgtools.org

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-5195

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-2909

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-5225

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-5197

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-5199

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1291

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1292

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1269

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1270

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6663

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1268

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1300

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2927

Trust: 0.1

url:http://www.apple.com/itunes/download/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1298

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1290

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6635

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1294

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1299

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2875

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6625

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2871

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5227

Trust: 0.1

sources: VULHUB: VHN-65197 // BID: 64353 // JVNDB: JVNDB-2013-005592 // PACKETSTORM: 128734 // PACKETSTORM: 124511 // CNNVD: CNNVD-201312-375 // NVD: CVE-2013-5195

CREDITS

Apple

Trust: 0.5

sources: BID: 64353 // PACKETSTORM: 128734 // PACKETSTORM: 124511

SOURCES

db: VULHUB, id: VHN-65197
db: BID, id: 64353
db: JVNDB, id: JVNDB-2013-005592
db: PACKETSTORM, id: 128734
db: PACKETSTORM, id: 124511
db: CNNVD, id: CNNVD-201312-375
db: NVD, id: CVE-2013-5195

LAST UPDATE DATE

2025-04-11T20:58:55.754000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65197, date: 2016-12-09T00:00:00
db: BID, id: 64353, date: 2014-10-21T00:59:00
db: JVNDB, id: JVNDB-2013-005592, date: 2014-11-20T00:00:00
db: CNNVD, id: CNNVD-201312-375, date: 2013-12-24T00:00:00
db: NVD, id: CVE-2013-5195, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65197, date: 2013-12-18T00:00:00
db: BID, id: 64353, date: 2013-12-16T00:00:00
db: JVNDB, id: JVNDB-2013-005592, date: 2013-12-19T00:00:00
db: PACKETSTORM, id: 128734, date: 2014-10-17T15:14:05
db: PACKETSTORM, id: 124511, date: 2013-12-19T00:22:22
db: CNNVD, id: CNNVD-201312-375, date: 2013-12-24T00:00:00
db: NVD, id: CVE-2013-5195, date: 2013-12-18T16:04:24.210