CVE-2012-3703 Details

CVE-2012-3703

Published: 2012-09-13
Last Modified: 2017-09-19
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

Analysis
Common Vulnerability Score System v2.0
Severity High
Base Score 8.3/10
Exploit Score 8.6/10
Access Vector Network
Access Complexity Medium
Authentication None
Impact Score 8.5/10
Confidentiality Impact Partial
Availability Impact Complete
Integrity Impact Partial
Vector String AV:N/AC:M/Au:N/C:P/I:P/A:C
Common Vulnerability Score System v3.1

NIST has not assigned a CVSSv3.1 Score.

Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.0.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.0.1:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.1.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.2.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.5:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.5.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.6:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.6.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.7:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.7.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.7.1:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.7.1:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.8.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:4.9.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:5.0:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:5.0.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:5.0.1:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.1:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.1:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.2:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.2:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.3:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.4:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.4:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:6.0.5:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.0.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.0.1:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.0.2:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.0.2:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.1.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.1.1:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.2.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.3.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.3.1:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.3.2:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.3.2:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4.1:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4.1:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4.2:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4.2:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.4.3:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.5:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.5.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.6.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.6.1:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.6.1:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.6.2:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.7.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.7.1:*:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:7.7.1:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:8.0.0:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:8.0.1:-:windows:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:9.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:9.1.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.1.1.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.2.2.12:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.4.0.80:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.4.1.10:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.5:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.5.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.5.1.42:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.5.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.5.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.6:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:10.6.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:* Yes - -
References

http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
http://osvdb.org/85386
http://support.apple.com/kb/HT5485
http://support.apple.com/kb/HT5502
http://support.apple.com/kb/HT5503
http://www.securityfocus.com/bid/55534
https://exchange.xforce.ibmcloud.com/vulnerabilities/78557
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17478

CVE ID
CVE-2012-3703
Published
2012-09-13
Modified
2017-09-19
CVSSv2.0
High
PCI Compliance
Fail
US-CERT Alert
No
CWE
CWE Pending

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.