VulDB: Apple Safari up to 5.1.7 WebKit buffer overflow
General

scipID: 5799
Affected: Apple Safari up to 5.1.7
Published: 07/25/2012
Risk: critical
Entry: 87% complete
Created: 07/31/2012
Updated: 09/03/2012
Summary
A vulnerability classified as critical was found in Apple Safari up to 5.1.7. It affects an unknown function of the component WebKit. Manipulation with an unknown input leads to a buffer overflow, which impacts confidentiality, integrity, and availability.
The weakness was shared on 07/25/2012 with Apple Product Security as knowledge base article HT5400 (Apple Security Announce). The advisory is available for download at support.apple.com. The vulnerability has been uniquely identified as CVE-2012-3591 since 06/19/2012. Exploitability is known to be difficult. The attack can be initiated remotely, and no form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available.
Upgrading to version 6 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (84142) and Secunia (SA50058).
CVSS
Base Score: 7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | High | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: Safari 6
Timeline
06/19/2012 | CVE assigned
07/25/2012 | Advisory disclosed
07/25/2012 | Countermeasure disclosed
07/27/2012 | OSVDB entry created
07/31/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: HT5400
Company: Apple Product Security
OSVDB: 84142
CVE: CVE-2012-3591 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 50058