CVE-2012-3680

2012-07-2520:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-3680

webkit

apple safari

remote attackers

arbitrary code execution

denial of service

memory corruption

application crash

7.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.039 Low

EPSS

Percentile

91.9%

JSON

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CPENameOperatorVersion
apple:safariapple safarieq4.0.2
apple:safariapple safarieq3.0.4b
apple:safariapple safarieq1.3.0
apple:safariapple safarieq1.0.3
apple:safariapple safarieq2.0.3
apple:safariapple safarieq5.1.3
apple:safariapple safarieq4.0.1
apple:safariapple safarieq1.3.2
apple:safariapple safarieq2
apple:safariapple safarieq1.1.1

CPE	Name	Operator	Version
apple:safari	apple safari	eq	4.0.2
apple:safari	apple safari	eq	3.0.4b
apple:safari	apple safari	eq	1.3.0
apple:safari	apple safari	eq	1.0.3
apple:safari	apple safari	eq	2.0.3
apple:safari	apple safari	eq	5.1.3
apple:safari	apple safari	eq	4.0.1
apple:safari	apple safari	eq	1.3.2
apple:safari	apple safari	eq	2
apple:safari	apple safari	eq	1.1.1