VulDB: Apple Safari up to 5.1.7 WebKit buffer overflow
General
scipID: 5832
Affected: Apple Safari up to 5.1.7
Published: 07/25/2012 (Slawomir Blazek)
Risk: 
critical
Entry: 89.5% complete
Created: 08/03/2012
Updated: 09/03/2012
Summary
A vulnerability classified as critical has been found in Apple Safari up to 5.1.7. Affected is an unknown function of the component WebKit. The manipulation with an unknown input leads to a buffer overflow vulnerability. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was disclosed 07/25/2012 by Slawomir Blazek as HT5400 as knowledge base article (Apple Security Announce). The advisory is shared for download at support.apple.com. The public release has been coordinated in cooperation with the vendor. This vulnerability is traded as CVE-2012-3641 since 06/19/2012. The exploitability is known to be difficult. It is possible to launch the attack remotely. The exploitation doesn’t require any form of authentication. Technical details are unknown but a private exploit is available.
Upgrading to version 6 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (84175) and Secunia (SA50058).CVSS
Base Score: 7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: Yes
Access: Private
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: Safari 6
Timeline
06/19/2012 | CVE assigned
07/25/2012 | Advisory disclosed
07/25/2012 | Countermeasure disclosed
07/27/2012 | OSVDB entry created
08/03/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: HT5400
Researcher: Slawomir Blazek
Coordinated: Yes
OSVDB: 84175
CVE: CVE-2012-3641 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 50058
- Latest Entries
- Google Chrome Web Audio Handler buffer overflow [CVE-2013-2845]
- Google Chrome Style Resolution Handler buffer overflow [CVE-2013-2844]
- Google Chrome Speech Handler buffer overflow [CVE-2013-2843]
- Google Chrome Widget Handler buffer overflow [CVE-2013-2842]
- Google Chrome Pepper Resource Handler buffer overflow [CVE-2013-2841]
- Statistics
- Archive
