var-201205-0406
Vulnerability from variot
WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to an unspecified memory-corruption vulnerability.
An attacker can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Very few technical details are currently available. We will update this BID when more information emerges.
iTunes is a free application for your Mac or PC. It lets you organize and play digital music and video on your computer. It can automatically download new music, app, and book purchases across all your devices and computers. And it’s a store that has everything you need to be entertained. Anywhere. a specially crafted .M3U file. Successful exploitation could allow execution of arbitrary code on the affected node.
--------------------------------------------------------------------------------
(940.fc0): Access violation - code c0000005 (!!! second chance !!!)
eax=41414141 ebx=08508cd8 ecx=41414141 edx=052a6528 esi=052a64b0 edi=0559ef20
eip=41414141 esp=0012d8e8 ebp=7c90ff2d iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
41414141 ?? ???
~~~
(6b0.a04): Access violation - code c0000005 (!!! second chance !!!)
eax=41414141 ebx=00000000 ecx=00000014 edx=41414141 esi=41414141 edi=0187e10d
eip=0187deec esp=0b0cfcd0 ebp=0b0cfcf0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
Defaulted to export symbols for C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll -
CoreFoundation!CFWriteStreamCreateWithAllocatedBuffers+0x40:
0187deec 8b00 mov eax,dword ptr [eax] ds:0023:41414141=????????
--------------------------------------------------------------------------------
Tested on: Microsoft Windows XP Professional SP3 EN (32bit), Microsoft Windows 7 Ultimate SP1 EN (64bit).
WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in WebKit in Apple iOS versions prior to 5.1.1.
============================================================================
Ubuntu Security Notice USN-1524-1
August 08, 2012
webkit vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description: - webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS:
  libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1
  libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1
  libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1
  libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all the necessary changes.
References:
  http://www.ubuntu.com/usn/usn-1524-1
  CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615, CVE-2012-3655, CVE-2012-3656, CVE-2012-3680
  https://launchpad.net/bugs/1027283
Package Information:
  https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1
----------------------------------------------------------------------
TITLE: Apple iTunes Two Vulnerabilities
SECUNIA ADVISORY ID: SA49489
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49489/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49489
RELEASE DATE: 2012-06-12
DESCRIPTION: Apple has reported two vulnerabilities in Apple iTunes, which can be exploited by malicious people to compromise a user's system.
1) An error in the handling of .m3u playlists can be exploited to cause a heap-based buffer overflow via a specially crafted M3U (".m3u") file.
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Gjoko Krstic, Zero Science Lab.
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5318
APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update
iOS 5.1.1 Software Update is now available and addresses the following:
Safari
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A maliciously crafted website may be able to spoof the address in the location bar
Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0674 : David Vieira-Kurz of MajorSecurity (majorsecurity.net)
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: Multiple cross-site scripting issues existed in WebKit.
CVE-ID
CVE-2011-3046 : Sergey Glazunov working with Google's Pwnium contest
CVE-2011-3056 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in WebKit.
CVE-ID
CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team
Installation note:
This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone, iPod touch or iPad is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone, iPod touch, or iPad.
The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone, iPod touch, or iPad is docked to your computer.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "5.1.1".
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
CVE-ID CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.4, OS X Lion Server v10.7.4, Windows 7, Vista, XP SP2 or later
Impact: A maliciously crafted website may be able to populate form inputs on another website with arbitrary values
Description: A state tracking issue existed in WebKit's handling of forms.
CVE-ID
CVE-2012-0676 : Andreas Akre Solberg of UNINETT AS, Aaron Roots of Deakin University ITSD, Tyler Goen
Note: In addition, this update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201205-0406", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "4.3.5" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "4.3.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": 
"4.3.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "4.0.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "4.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "4.2.8" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "4.2.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "4.3.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "4.3.3" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "4.2.5" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "5.0.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "5.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.1.3" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.1.2" }, { "model": "iphone os", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "5.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2.2" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.4" }, { "model": "mac os x 
server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.4" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "5.1.1" }, { "model": "ipad", "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": "iphone", "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": "ipod touch", "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.6.3" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "5.1.7" }, { "model": "open source project webkit", "scope": "eq", "trust": 0.3, "vendor": "webkit", "version": "1.2.5" }, { "model": "open source project webkit", "scope": "eq", "trust": 0.3, "vendor": "webkit", "version": "1.2.3" }, { "model": "open source project webkit", "scope": "eq", "trust": 0.3, "vendor": "webkit", "version": "1.2.2" }, { "model": "open source project webkit r77705", "scope": null, "trust": 0.3, "vendor": "webkit", "version": null }, { "model": "open source project webkit r52833", "scope": null, "trust": 0.3, "vendor": "webkit", "version": null }, { "model": "open source project webkit r52401", "scope": null, "trust": 0.3, "vendor": "webkit", "version": null }, { "model": "open source project webkit r51295", "scope": null, "trust": 0.3, "vendor": "webkit", "version": null }, { "model": "open source project webkit r38566", "scope": null, "trust": 0.3, "vendor": "webkit", "version": null }, { "model": "open source project webkit", "scope": "eq", "trust": 0.3, "vendor": "webkit", "version": "1.2.x" }, { "model": "open source project webkit", "scope": "eq", "trust": 0.3, "vendor": "webkit", "version": "1.2.2-1" }, { "model": "open source project webkit", "scope": "eq", "trust": 0.3, "vendor": "webkit", "version": "0" }, { "model": "linux lts i386", 
"scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.6" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.2" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.5" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.4" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.3" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.5" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.4" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", 
"version": "5.0.6" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.5" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.4" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.3" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.2" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "safari beta", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0" }, { "model": "safari for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "safari beta", "scope": "eq", "trust": 0.3, "vendor": 
"apple", "version": "4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.8" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.7" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.10" }, { "model": "ios beta", "scope": "eq", 
"trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "safari for windows", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "5.1.7" }, { "model": "safari", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "5.1.7" }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "itunes", "scope": "eq", "trust": 0.1, "vendor": "apple", "version": "10.6.1.7 and 10.6.0.40" } ], "sources": [ { "db": "ZSL", "id": "ZSL-2012-5093" }, { "db": "BID", "id": "53404" }, { "db": "JVNDB", "id": "JVNDB-2012-002245" }, { "db": "CNNVD", "id": "CNNVD-201205-118" }, { "db": "NVD", "id": "CVE-2012-0672" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/h:apple:ipad", "vulnerable": true }, { "cpe22Uri": "cpe:/h:apple:iphone", "vulnerable": true }, { "cpe22Uri": 
"cpe:/h:apple:ipod_touch", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:itunes", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:safari", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002245" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adam Barth and Abhishek Arya of the Google Chrome Security Team", "sources": [ { "db": "BID", "id": "53404" }, { "db": "CNNVD", "id": "CNNVD-201205-118" } ], "trust": 0.9 }, "cve": "CVE-2012-0672", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2012-0672", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-53953", "impactScore": 6.4, 
"integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0672", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-0672", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201205-118", "trust": 0.6, "value": "MEDIUM" }, { "author": "ZSL", "id": "ZSL-2012-5093", "trust": 0.1, "value": "(4/5)" }, { "author": "VULHUB", "id": "VHN-53953", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZSL", "id": "ZSL-2012-5093" }, { "db": "VULHUB", "id": "VHN-53953" }, { "db": "JVNDB", "id": "JVNDB-2012-002245" }, { "db": "CNNVD", "id": "CNNVD-201205-118" }, { "db": "NVD", "id": "CVE-2012-0672" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to an unspecified memory-corruption vulnerability. \nAn attacker can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application. \nVery few technical details are currently available. We will update this BID when more information emerges. iTunes is a free application for your Mac or PC. It lets you organize and play digital music and video on your computer. It can automatically download new music, app, and book purchases across all your devices and computers. And it\u2019s a store that has everything you need to be entertained. Anywhere. a specially crafted .M3U file. 
Successful exploitation could allow execution of arbitrary code on the affected node.\u003cbr/\u003e\u003cbr/\u003e\t--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003e\u003ccode\u003e (940.fc0): Access violation - code c0000005 (!!! second chance !!!)\u003cbr/\u003e eax=41414141 ebx=08508cd8 ecx=41414141 edx=052a6528 esi=052a64b0 edi=0559ef20\u003cbr/\u003e eip=41414141 esp=0012d8e8 ebp=7c90ff2d iopl=0 nv up ei pl nz na pe nc\u003cbr/\u003e cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206\u003cbr/\u003e\u003cunloaded_card.dll\u003e+0x41414130:\u003cbr/\u003e 41414141 ?? ???\u003cbr/\u003e\u003cbr/\u003e ~~~\u003cbr/\u003e\u003cbr/\u003e (6b0.a04): Access violation - code c0000005 (!!! second chance !!!)\u003cbr/\u003e eax=41414141 ebx=00000000 ecx=00000014 edx=41414141 esi=41414141 edi=0187e10d\u003cbr/\u003e eip=0187deec esp=0b0cfcd0 ebp=0b0cfcf0 iopl=0 nv up ei pl nz na pe nc\u003cbr/\u003e cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206\u003cbr/\u003e Defaulted to export symbols for C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\CoreFoundation.dll -\u003cbr/\u003e CoreFoundation!CFWriteStreamCreateWithAllocatedBuffers+0x40:\u003cbr/\u003e 0187deec 8b00 mov eax,dword ptr [eax] ds:0023:41414141=????????\u003cbr/\u003e\u003c/unloaded_card.dll\u003e\u003c/code\u003e\u003cbr/\u003e\t--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003eTested on: Microsoft Windows XP Professional SP3 EN (32bit)Microsoft Windows 7 Ultimate SP1 EN (64bit). WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in WebKit versions prior to Apple iOS 5.1.1. 
============================================================================\nUbuntu Security Notice USN-1524-1\nAugust 08, 2012\n\nwebkit vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n\nSummary:\n\nMultiple security vulnerabilities were fixed in WebKit. \n\nSoftware Description:\n- webkit: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKit browser and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1\n libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1\n libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1\n libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1\n\nAfter a standard system update you need to restart your session to make all\nthe necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1524-1\n CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068,\n CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074,\n CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615,\n CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1\n. ----------------------------------------------------------------------\n\n
TITLE:\nApple iTunes Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49489\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49489/\n\nRELEASE DATE:\n2012-06-12\n\nDESCRIPTION:\nApple has reported two vulnerabilities in Apple iTunes, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\n1) An error in the handling of .m3u playlists can be exploited to\ncause a heap-based buffer overflow via a specially crafted M3U\n(\".m3u\") file. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Gjoko Krstic, Zero Science Lab. 
\n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT5318\n\n----------------------------------------------------------------------\n\n\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update\n\niOS 5.1.1 Software Update is now available and addresses the\nfollowing:\n\nSafari\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: A maliciously crafted website may be able to spoof the\naddress in the location bar\nDescription: A URL spoofing issue existed in Safari. This could be\nused in a malicious web site to direct the user to a spoofed site\nthat visually appeared to be a legitimate domain. This issue is\naddressed through improved URL handling. This issue does not affect\nOS X systems. \nCVE-ID\nCVE-2012-0674 : David Vieira-Kurz of MajorSecurity\n(majorsecurity.net)\n\nWebKit\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription: Multiple cross-site scripting issues existed in WebKit. \nCVE-ID\nCVE-2011-3046 : Sergey Glazunov working with Google\u0027s Pwnium contest\nCVE-2011-3056 : Sergey Glazunov\n\nWebKit\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in WebKit. \nCVE-ID\nCVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome\nSecurity Team\n\n\nInstallation note:\n\nThis update is only available through iTunes, and will not appear\nin your computer\u0027s Software Update application, or in the Apple\nDownloads site. Make sure you have an Internet connection and have\ninstalled the latest version of iTunes from www.apple.com/itunes/\n\niTunes will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it will download it. 
When\nthe iPhone, iPod touch or iPad is docked, iTunes will present the\nuser with the option to install the update. We recommend applying\nthe update immediately if possible. Selecting Don\u0027t Install will\npresent the option the next time you connect your iPhone, iPod touch,\nor iPad. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes checks for updates. You may manually obtain the\nupdate via the Check for Updates button within iTunes. After doing\nthis, the update can be applied when your iPhone, iPod touch, or iPad\nis docked to your computer. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"5.1.1\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n. \nCVE-ID\nCVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome\nSecurity Team\n\nWebKit\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7.4, OS X Lion Server v10.7.4, Windows 7, Vista,\nXP SP2 or later\nImpact: A maliciously crafted website may be able to populate form\ninputs on another website with arbitrary values\nDescription: A state tracking issue existed in WebKit\u0027s handling of\nforms. 
\nCVE-ID\nCVE-2012-0676 : Andreas Akre Solberg of UNINETT AS, Aaron Roots of\nDeakin University ITSD, Tyler Goen\n\nNote: In addition, this update disables Adobe Flash Player if it\nis older than 10.1.102.64 by moving its files to a new directory. \nThis update presents the option to install an updated version of\nFlash Player from the Adobe website", "sources": [ { "db": "NVD", "id": "CVE-2012-0672" }, { "db": "JVNDB", "id": "JVNDB-2012-002245" }, { "db": "BID", "id": "53404" }, { "db": "ZSL", "id": "ZSL-2012-5093" }, { "db": "VULHUB", "id": "VHN-53953" }, { "db": "PACKETSTORM", "id": "115375" }, { "db": "PACKETSTORM", "id": "113566" }, { "db": "PACKETSTORM", "id": "113591" }, { "db": "PACKETSTORM", "id": "112543" }, { "db": "PACKETSTORM", "id": "112596" } ], "trust": 2.52 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.zeroscience.mk/codes/itunes_bof.txt", "trust": 0.1, "type": "poc" } ], "sources": [ { "db": "ZSL", "id": "ZSL-2012-5093" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0672", "trust": 3.2 }, { "db": "BID", "id": "53404", "trust": 2.0 }, { "db": "SECUNIA", "id": "47292", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2012-002245", "trust": 0.8 }, { "db": "NSFOCUS", "id": "19773", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201205-118", "trust": 0.7 }, { "db": "NSFOCUS", "id": "19548", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19596", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2012-05-07-1", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "113566", "trust": 0.2 }, { "db": "SECUNIA", 
"id": "49489", "trust": 0.2 }, { "db": "OSVDB", "id": "82897", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "113555", "trust": 0.1 }, { "db": "BID", "id": "53933", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "19098", "trust": 0.1 }, { "db": "VULDB", "id": "5552", "trust": 0.1 }, { "db": "CXSECURITY", "id": "WLB-2012060148", "trust": 0.1 }, { "db": "SECTRACK", "id": "1027142", "trust": 0.1 }, { "db": "ZSL", "id": "ZSL-2012-5093", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-53953", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "115375", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "113591", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112543", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112596", "trust": 0.1 } ], "sources": [ { "db": "ZSL", "id": "ZSL-2012-5093" }, { "db": "VULHUB", "id": "VHN-53953" }, { "db": "BID", "id": "53404" }, { "db": "JVNDB", "id": "JVNDB-2012-002245" }, { "db": "PACKETSTORM", "id": "115375" }, { "db": "PACKETSTORM", "id": "113566" }, { "db": "PACKETSTORM", "id": "113591" }, { "db": "PACKETSTORM", "id": "112543" }, { "db": "PACKETSTORM", "id": "112596" }, { "db": "CNNVD", "id": "CNNVD-201205-118" }, { "db": "NVD", "id": "CVE-2012-0672" } ] }, "id": "VAR-201205-0406", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-53953" } ], "trust": 0.01 }, "last_update_date": "2024-09-19T22:20:14.704000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT5282", "trust": 0.8, "url": "http://support.apple.com/kb/HT5282" }, { "title": "HT5318", "trust": 0.8, "url": "http://support.apple.com/kb/HT5318" }, { "title": "HT5278", "trust": 0.8, "url": "http://support.apple.com/kb/HT5278" } ], 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002245" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53953" }, { "db": "JVNDB", "id": "JVNDB-2012-002245" }, { "db": "NVD", "id": "CVE-2012-0672" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2012/may/msg00000.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/53404" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2012/may/msg00002.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2012/jun/msg00000.html" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht5282" }, { "trust": 1.1, "url": "http://secunia.com/advisories/47292" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75431" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0672" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu341483" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu241779/" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu626251/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0672" }, { "trust": 0.7, "url": "http://www.nsfocus.net/vulndb/19773" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19596" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19548" }, { "trust": 0.4, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0672" }, { "trust": 0.3, "url": 
"http://www.webkit.org/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3046" }, { "trust": 0.3, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "http://support.apple.com/kb/ht5318" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3056" }, { "trust": 0.1, "url": "http://www.apple.com/itunes/download" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0677" }, { "trust": 0.1, "url": "https://isc.sans.edu/diary/apple+itunes+security+update/13435" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49489" }, { "trust": 0.1, "url": "http://cxsecurity.com/issue/wlb-2012060148" }, { "trust": 0.1, "url": "http://www.exploit-db.com/exploits/19098/" }, { "trust": 0.1, "url": "http://packetstormsecurity.org/files/113555" }, { "trust": 0.1, "url": "http://packetstormsecurity.org/files/113566" }, { "trust": 0.1, "url": "http://www.securelist.com/en/advisories/49489" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1027142" }, { "trust": 0.1, "url": "http://osvdb.org/show/osvdb/82897" }, { "trust": 0.1, "url": "http://www.scmagazine.com.au/news/304973,booby-trapped-playlist-pwns-itunes.aspx" }, { "trust": 0.1, "url": "http://www.crn.com.au/news/304998,booby-trapped-playlist-hits-itunes.aspx" }, { "trust": 0.1, "url": "http://lists.virus.org/apple-security-1206/msg00000.html" }, { "trust": 0.1, "url": "http://www.camcert.gov.kh/?p=1201" }, { "trust": 0.1, "url": "http://securityvulns.com/docs28127.html" }, { "trust": 0.1, "url": "http://www.net-security.org/advisory.php?id=14441" }, { "trust": 0.1, "url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0051.html" }, { "trust": 0.1, "url": "https://www.cert.be/pro/node/12532" }, { "trust": 0.1, "url": "http://sylvar.tumblr.com/post/25087980360/apple-itunes-10-6-1-7-m3u-playlist-file-walking" }, { "trust": 0.1, "url": "http://www.securityfocus.com/bid/53933" }, { "trust": 0.1, "url": 
"http://www.nessus.org/plugins/index.php?view=single\u0026amp;id=59497" }, { "trust": 0.1, "url": "http://www.nessus.org/plugins/index.php?view=single\u0026amp;id=59498" }, { "trust": 0.1, "url": "http://www.nessus.org/plugins/index.php?view=single\u0026amp;id=59499" }, { "trust": 0.1, "url": "http://www.scmagazine.com/itunes-vulnerability-may-enable-remote-code-execution/article/246207/" }, { "trust": 0.1, "url": "http://www.informationweek.com/aroundtheweb/security/itunes-vulnerability-may-enable-remote-c/704d55486d51544d524931735147714b49364f5558773d3d" }, { "trust": 0.1, "url": "http://www.msnbc.msn.com/id/47876553/ns/technology_and_science-security/" }, { "trust": 0.1, "url": "http://www.libertas.mk/vest/28065/makedonski-it-ekspert-otkri-opasen-bezbednosen-defekt-vo-itjuns" }, { "trust": 0.1, "url": "http://www.scip.ch/en/?vuldb.5552" }, { "trust": 0.1, "url": "http://www.infosecurity-magazine.com/view/26492/researcher-publishes-proofofconcept-exploit-for-itunes/" }, { "trust": 0.1, "url": "http://www.intego.com/mac-security-blog/time-to-update-itunes/" }, { "trust": 0.1, "url": "http://tif.mcafee.com/threats/3500" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1027283" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3069" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1524-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3073" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3680" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3656" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3074" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3655" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3615" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2011-3075" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3078" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3071" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0677" }, { "trust": 0.1, "url": "http://www.apple.com/itunes/download/" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49489/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49489" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49489/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0674" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0676" }, { "trust": 0.1, "url": "http://www.apple.com/safari/download/" } ], "sources": [ { "db": "ZSL", "id": "ZSL-2012-5093" }, { "db": "VULHUB", "id": "VHN-53953" }, { "db": "BID", "id": "53404" }, { "db": "JVNDB", "id": "JVNDB-2012-002245" }, { "db": "PACKETSTORM", "id": "115375" }, { "db": "PACKETSTORM", "id": "113566" }, { "db": "PACKETSTORM", "id": "113591" }, { "db": "PACKETSTORM", "id": "112543" }, { 
"db": "PACKETSTORM", "id": "112596" }, { "db": "CNNVD", "id": "CNNVD-201205-118" }, { "db": "NVD", "id": "CVE-2012-0672" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZSL", "id": "ZSL-2012-5093" }, { "db": "VULHUB", "id": "VHN-53953" }, { "db": "BID", "id": "53404" }, { "db": "JVNDB", "id": "JVNDB-2012-002245" }, { "db": "PACKETSTORM", "id": "115375" }, { "db": "PACKETSTORM", "id": "113566" }, { "db": "PACKETSTORM", "id": "113591" }, { "db": "PACKETSTORM", "id": "112543" }, { "db": "PACKETSTORM", "id": "112596" }, { "db": "CNNVD", "id": "CNNVD-201205-118" }, { "db": "NVD", "id": "CVE-2012-0672" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-06-12T00:00:00", "db": "ZSL", "id": "ZSL-2012-5093" }, { "date": "2012-05-08T00:00:00", "db": "VULHUB", "id": "VHN-53953" }, { "date": "2012-05-07T00:00:00", "db": "BID", "id": "53404" }, { "date": "2012-05-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002245" }, { "date": "2012-08-09T01:33:19", "db": "PACKETSTORM", "id": "115375" }, { "date": "2012-06-12T22:20:34", "db": "PACKETSTORM", "id": "113566" }, { "date": "2012-06-13T02:54:15", "db": "PACKETSTORM", "id": "113591" }, { "date": "2012-05-08T19:11:11", "db": "PACKETSTORM", "id": "112543" }, { "date": "2012-05-10T15:24:22", "db": "PACKETSTORM", "id": "112596" }, { "date": "2012-05-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-118" }, { "date": "2012-05-08T10:25:46.957000", "db": "NVD", "id": "CVE-2012-0672" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-06-01T00:00:00", "db": "ZSL", "id": "ZSL-2012-5093" }, { "date": "2017-12-07T00:00:00", "db": "VULHUB", "id": "VHN-53953" }, { "date": "2012-08-08T21:32:00", "db": "BID", "id": 
"53404" }, { "date": "2012-06-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002245" }, { "date": "2012-05-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-118" }, { "date": "2017-12-07T02:29:10.193000", "db": "NVD", "id": "CVE-2012-0672" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "115375" }, { "db": "CNNVD", "id": "CNNVD-201205-118" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple Product WebKit Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002245" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201205-118" } ], "trust": 0.6 } }