CERTA-2012-AVI-404

Vulnerability from certfr_avis - Published: 2012-07-26 - Updated: 2012-07-26

De multiples vulnérabilités ont été corrigées dans Safari. Elles permettent à une personne malintentionnée d'exécuter du code arbitraire à distance, télécharger des fichiers arbitraires à distance, falsifier une URL et injecter du code indirectement à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à Safari 6.0.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 Safari 6.0.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3089"
    },
    {
      "name": "CVE-2011-3050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3050"
    },
    {
      "name": "CVE-2012-3618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3618"
    },
    {
      "name": "CVE-2012-3663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3663"
    },
    {
      "name": "CVE-2011-3924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3924"
    },
    {
      "name": "CVE-2012-3611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3611"
    },
    {
      "name": "CVE-2012-3638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3638"
    },
    {
      "name": "CVE-2012-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1521"
    },
    {
      "name": "CVE-2012-3664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3664"
    },
    {
      "name": "CVE-2012-3592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3592"
    },
    {
      "name": "CVE-2011-3068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3068"
    },
    {
      "name": "CVE-2012-3674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3674"
    },
    {
      "name": "CVE-2011-3090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3090"
    },
    {
      "name": "CVE-2012-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3641"
    },
    {
      "name": "CVE-2012-3696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3696"
    },
    {
      "name": "CVE-2012-3626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3626"
    },
    {
      "name": "CVE-2011-3069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3069"
    },
    {
      "name": "CVE-2012-3637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3637"
    },
    {
      "name": "CVE-2012-3680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3680"
    },
    {
      "name": "CVE-2012-3636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3636"
    },
    {
      "name": "CVE-2012-3615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3615"
    },
    {
      "name": "CVE-2012-3610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3610"
    },
    {
      "name": "CVE-2012-3653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3653"
    },
    {
      "name": "CVE-2012-0679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0679"
    },
    {
      "name": "CVE-2011-3032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3032"
    },
    {
      "name": "CVE-2012-3697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3697"
    },
    {
      "name": "CVE-2012-3667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3667"
    },
    {
      "name": "CVE-2012-3608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3608"
    },
    {
      "name": "CVE-2012-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3645"
    },
    {
      "name": "CVE-2011-3064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3064"
    },
    {
      "name": "CVE-2011-3021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3021"
    },
    {
      "name": "CVE-2012-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3640"
    },
    {
      "name": "CVE-2011-3040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3040"
    },
    {
      "name": "CVE-2012-3605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3605"
    },
    {
      "name": "CVE-2011-3016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3016"
    },
    {
      "name": "CVE-2011-3969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3969"
    },
    {
      "name": "CVE-2012-3604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3604"
    },
    {
      "name": "CVE-2012-3686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3686"
    },
    {
      "name": "CVE-2012-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3635"
    },
    {
      "name": "CVE-2012-3666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3666"
    },
    {
      "name": "CVE-2012-1520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1520"
    },
    {
      "name": "CVE-2012-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3596"
    },
    {
      "name": "CVE-2012-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3627"
    },
    {
      "name": "CVE-2011-3966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3966"
    },
    {
      "name": "CVE-2011-3034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3034"
    },
    {
      "name": "CVE-2012-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3597"
    },
    {
      "name": "CVE-2011-3043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3043"
    },
    {
      "name": "CVE-2011-2845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2845"
    },
    {
      "name": "CVE-2011-3027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3027"
    },
    {
      "name": "CVE-2011-3926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3926"
    },
    {
      "name": "CVE-2012-3650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3650"
    },
    {
      "name": "CVE-2012-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3669"
    },
    {
      "name": "CVE-2012-3661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3661"
    },
    {
      "name": "CVE-2011-3060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3060"
    },
    {
      "name": "CVE-2011-3968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3968"
    },
    {
      "name": "CVE-2012-0683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0683"
    },
    {
      "name": "CVE-2011-3053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3053"
    },
    {
      "name": "CVE-2011-3039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3039"
    },
    {
      "name": "CVE-2012-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3589"
    },
    {
      "name": "CVE-2012-3691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3691"
    },
    {
      "name": "CVE-2012-3634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3634"
    },
    {
      "name": "CVE-2012-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3646"
    },
    {
      "name": "CVE-2012-3694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3694"
    },
    {
      "name": "CVE-2011-3073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3073"
    },
    {
      "name": "CVE-2011-3971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3971"
    },
    {
      "name": "CVE-2011-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3076"
    },
    {
      "name": "CVE-2012-3603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3603"
    },
    {
      "name": "CVE-2012-3690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3690"
    },
    {
      "name": "CVE-2012-3695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3695"
    },
    {
      "name": "CVE-2011-3042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3042"
    },
    {
      "name": "CVE-2012-3655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3655"
    },
    {
      "name": "CVE-2011-3059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3059"
    },
    {
      "name": "CVE-2011-3036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3036"
    },
    {
      "name": "CVE-2012-0682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0682"
    },
    {
      "name": "CVE-2011-3041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3041"
    },
    {
      "name": "CVE-2011-3958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3958"
    },
    {
      "name": "CVE-2012-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3590"
    },
    {
      "name": "CVE-2012-3593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3593"
    },
    {
      "name": "CVE-2011-3035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3035"
    },
    {
      "name": "CVE-2012-3678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3678"
    },
    {
      "name": "CVE-2011-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3074"
    },
    {
      "name": "CVE-2012-2815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2815"
    },
    {
      "name": "CVE-2012-3594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3594"
    },
    {
      "name": "CVE-2011-3913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3913"
    },
    {
      "name": "CVE-2012-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3644"
    },
    {
      "name": "CVE-2012-3633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3633"
    },
    {
      "name": "CVE-2012-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3642"
    },
    {
      "name": "CVE-2012-3591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3591"
    },
    {
      "name": "CVE-2011-3075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3075"
    },
    {
      "name": "CVE-2011-3081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3081"
    },
    {
      "name": "CVE-2011-3071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3071"
    },
    {
      "name": "CVE-2012-3679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3679"
    },
    {
      "name": "CVE-2012-3629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3629"
    },
    {
      "name": "CVE-2011-3037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3037"
    },
    {
      "name": "CVE-2012-3595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3595"
    },
    {
      "name": "CVE-2012-3670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3670"
    },
    {
      "name": "CVE-2012-0680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0680"
    },
    {
      "name": "CVE-2012-3628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3628"
    },
    {
      "name": "CVE-2012-3681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3681"
    },
    {
      "name": "CVE-2011-3044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3044"
    },
    {
      "name": "CVE-2012-3631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3631"
    },
    {
      "name": "CVE-2012-3665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3665"
    },
    {
      "name": "CVE-2012-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3599"
    },
    {
      "name": "CVE-2012-3625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3625"
    },
    {
      "name": "CVE-2012-3683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3683"
    },
    {
      "name": "CVE-2011-3078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3078"
    },
    {
      "name": "CVE-2012-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3609"
    },
    {
      "name": "CVE-2012-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3600"
    },
    {
      "name": "CVE-2011-3067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3067"
    },
    {
      "name": "CVE-2012-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3620"
    },
    {
      "name": "CVE-2012-0678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0678"
    },
    {
      "name": "CVE-2012-3689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3689"
    },
    {
      "name": "CVE-2012-3656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3656"
    },
    {
      "name": "CVE-2011-3086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3086"
    },
    {
      "name": "CVE-2011-3426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3426"
    },
    {
      "name": "CVE-2012-3630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3630"
    },
    {
      "name": "CVE-2012-3693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3693"
    },
    {
      "name": "CVE-2012-3682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3682"
    },
    {
      "name": "CVE-2011-3038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3038"
    },
    {
      "name": "CVE-2012-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3639"
    },
    {
      "name": "CVE-2012-3668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3668"
    }
  ],
  "initial_release_date": "2012-07-26T00:00:00",
  "last_revision_date": "2012-07-26T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-404",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-07-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eSafari\u003c/span\u003e. Elles permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance, t\u00e9l\u00e9charger\ndes fichiers arbitraires \u00e0 distance, falsifier une URL et injecter du\ncode indirectement \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce de s\u00e9curit\u00e9 Apple du 25 juillet 2012",
      "url": "http://prod.lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.