VAR-202002-0035
Vulnerability from variot - Updated: 2024-08-14 15:02BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error. It highlights game, media publishing and collaboration features. An attacker can exploit a vulnerability by enticing a trusted user to view a specially crafted website, resulting in the disclosure of potentially sensitive information. NOTE: Very limited information is currently available regarding this issue. We will update this BID as more information emerges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Nth Dimension Security Advisory (NDSA20121030) Date: 30th October 2012 Author: Tim Brown timb@nth-dimension.org.uk URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: RIM BlackBerry PlayBook OS 1.0.8.6067 http://www.rim.com/products/blackberry_tablets.shtml Vendor: RIM http://www.rim.com/ Risk: Low
Summary
The web browser which comes as part of the RIM BlackBerry PlayBook OS
can be tricked into disclosing the contents of local files through the
planting of a malicious HTML file through the standard download mechanism.
It should be noted that in order to exploit this issue, user interaction
is required as the user will need to confirm the download of the malicious
HTML file.
After discussions with the vendor, CVE-2012-5828 was assigned to this vulnerability.
Solutions
Nth Dimension recommends that the vendor supplied patches should be applied.
Technical Details
It was identified that the PlayBook web browser could be forced to download rather than render HTML files and that whilst the browser does prompt the user to confirm the location of the download, this download process defaults to an attacker chosen location.
Furthermore, once downloaded, it is possible to use the "Location" header to load the file from the attacker's chose location using the "file://" URL handler in such a manner that the downloaded HTML then has trusted access to the PlayBook filing system.
It is possible to craft a HTML download which when opened will lead to arbitrary JavaScript being executed in the local context. The "file://" URL handler is trusted to execute across domains.
History
On 12th February 2012, Nth Dimension supplied a PoC exploit for this issue to representatives of RIM. BBSIRT responded on the 20th to confirm that they had recieved the report and were investigating.
RIM further notified Nth Dimension to confirm that all reported vulnerabilities were handled based on CVSS and that only critical vulnerabilities were deemed candidates for out-of-band patching. Less critical issues would however be addressed in future product updates.
Nth Dimension responded on 7th March 2012 to confirm that they agreed with this approach and that in their opinion the issue was not critical and did not warrant an expedited response. Nth Dimension asked to be kept in the loop regarding the release of a patch for this issue in due course.
On 19th September 2012, Nth Dimension asked for an update, in particular to establish whether a CVE had been assigned by RIM for this issue.
On 1st November 2012, RIM responded to say that the "The changes for the issues are in the latest 2.1 builds for PlayBook. The build is currently available for WiFi only PlayBooks and we’re working with our carrier partners for testing and availability for build for the in-market cellular-enabled PlayBooks".
On 6th November 2012, RIM confirm that CVE-2012-5828 has been assigned. They also confirm they believe testing of cellular PlayBooks will be completed by the end of the month.
Nth Dimension repond, proposing 1st Deceber 2012 as the embargo date.
Current
As of 1st Novmeber 2012, the state of the vulnerability is believed to be as follows. RIM have begun shipping a patch which it is believed successfully resolves the reported issue.
Thanks
Nth Dimension would like to thank all the security folk at RIM, in particular the BlackBerry Incident Response team for the way they worked to resolve the issue. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQuU6xAAoJEPJhpTVyySo7xcoQAM7KB/2KYIq/IElrO15jr/hH 8Pytj9Q+k0VTmousVUWs5EP+uurZ28dGH8QNdsBv/kmp9M6gPQbex38pVVp+UJxh DcVoGhVJLsrzATQH+1LH/zVVkV4idERSQvGMjbikHWMdObfr6H37iN/UwK1+O27T tFQkIbM/rRNZk/OUz+B25D+2C53tdjTsCStkbnmYXKBlMYf0h3M28sFR3bcB5mBg MFNO7Vr/t16NdFRN+MPgfiRZTATH2gCqklMoe8rmQbu+Fumf1+7T5jlnXORUIiUb tTKvDjw9o0dL513b58JuIsheiyx0IlvGo4RyfXfWRAZaZiTPSnbzPwl83Bj1JpW+ PJ4Z+4yKcwQcRIfvCDH6vc8o4uMTM7g9SMuLxZBoZN3mFUAOLwy9wJde+w8bmpFA Z6KWtmzcAlt1QoRhNPS8s+udMc1HSXKpyNjTdaqEmhjVNReDeIp+mrOnlYENa4k+ 86LyOMlil00B+dCnt76/s3T/Q+briWgLgY7KrZlVIIoRzliTn3Oy0Rd7SIRJgoV6 bK5/W8q1uFEEF1kdy1Q3/08CFxIkWKgB6QCfa0iY5q+nNl5V6SjqAaxsesB/zcnS aD6OjWz+j9ZFs1nounIWZrGygLRVt3C/liLfR7JiAGux518mRz87uOedd+0TtBUh O7FtQ/d4H990AomSBivi =DyJj -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "playbook",
"scope": "lt",
"trust": 1.0,
"vendor": "blackberry",
"version": "2.1"
},
{
"model": "playbook",
"scope": "eq",
"trust": 0.8,
"vendor": "blackberry",
"version": "2.1"
},
{
"model": "in motion blackberry playbook tablet software",
"scope": "eq",
"trust": 0.6,
"vendor": "research",
"version": "1.0.6"
},
{
"model": "in motion blackberry playbook tablet software",
"scope": "eq",
"trust": 0.6,
"vendor": "research",
"version": "1.0.7.3312"
},
{
"model": "in motion blackberry playbook tablet software",
"scope": "eq",
"trust": 0.6,
"vendor": "research",
"version": "1.0.5.2304"
},
{
"model": "in motion blackberry playbook tablet software",
"scope": "eq",
"trust": 0.6,
"vendor": "research",
"version": "1.0.5.2342"
},
{
"model": "in motion blackberry playbook tablet software",
"scope": "eq",
"trust": 0.6,
"vendor": "research",
"version": "1.0.7.2942"
},
{
"model": "in motion blackberry playbook tablet software",
"scope": "eq",
"trust": 0.6,
"vendor": "research",
"version": "1.0.8.4985"
},
{
"model": "in motion blackberry playbook tablet software",
"scope": "eq",
"trust": 0.6,
"vendor": "research",
"version": "1.0.8.6067"
},
{
"model": "in motion blackberry playbook tablet software",
"scope": "eq",
"trust": 0.6,
"vendor": "research",
"version": "2.0.0.7971"
},
{
"model": "in motion blackberry playbook",
"scope": "eq",
"trust": 0.6,
"vendor": "research",
"version": "2.0.0.7971"
},
{
"model": "blackberry playbook tablet software",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "2.0.1.668"
},
{
"model": "blackberry playbook tablet software",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "2.0.1.358"
},
{
"model": "blackberry playbook tablet software",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "2.0.0.7971"
},
{
"model": "blackberry playbook tablet software",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "1.0.8.6067"
},
{
"model": "blackberry playbook tablet software",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "1.0.8.4985"
},
{
"model": "blackberry playbook tablet software",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "1.0.7.3312"
},
{
"model": "blackberry playbook tablet software",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "1.0.7.2942"
},
{
"model": "blackberry playbook tablet software",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "1.0.6"
},
{
"model": "blackberry playbook tablet software",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "1.0.5.2342"
},
{
"model": "blackberry playbook tablet software",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "1.0.5.2304"
},
{
"model": "blackberry playbook",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "2.0.0.7971"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9330"
},
{
"db": "BID",
"id": "56793"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006623"
},
{
"db": "NVD",
"id": "CVE-2012-5828"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:blackberry:playbook_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006623"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nth Dimension",
"sources": [
{
"db": "BID",
"id": "56793"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-146"
}
],
"trust": 0.9
},
"cve": "CVE-2012-5828",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2012-5828",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2012-006623",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2012-5828",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2012-006623",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-5828",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2012-006623",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201212-146",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-5828",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-5828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006623"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-146"
},
{
"db": "NVD",
"id": "CVE-2012-5828"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error. It highlights game, media publishing and collaboration features. An attacker can exploit a vulnerability by enticing a trusted user to view a specially crafted website, resulting in the disclosure of potentially sensitive information. \nNOTE: Very limited information is currently available regarding this issue. We will update this BID as more information emerges. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNth Dimension Security Advisory (NDSA20121030)\nDate: 30th October 2012\nAuthor: Tim Brown \u003cmailto:timb@nth-dimension.org.uk\u003e\nURL: \u003chttp://www.nth-dimension.org.uk/\u003e / \u003chttp://www.machine.org.uk/\u003e\nProduct: RIM BlackBerry PlayBook OS 1.0.8.6067 \u003chttp://www.rim.com/products/blackberry_tablets.shtml\u003e\nVendor: RIM \u003chttp://www.rim.com/\u003e\nRisk: Low\n\nSummary\n\nThe web browser which comes as part of the RIM BlackBerry PlayBook OS\ncan be tricked into disclosing the contents of local files through the\nplanting of a malicious HTML file through the standard download mechanism. \nIt should be noted that in order to exploit this issue, user interaction\nis required as the user will need to confirm the download of the malicious\nHTML file. \n\nAfter discussions with the vendor, CVE-2012-5828 was assigned to this\nvulnerability. \n\nSolutions\n\nNth Dimension recommends that the vendor supplied patches should be applied. \n\nTechnical Details\n\nIt was identified that the PlayBook web browser could be forced to download\nrather than render HTML files and that whilst the browser does prompt the\nuser to confirm the location of the download, this download process defaults\nto an attacker chosen location. \n\nFurthermore, once downloaded, it is possible to use the \"Location\" header to\nload the file from the attacker\u0027s chose location using the \"file://\" URL\nhandler in such a manner that the downloaded HTML then has trusted access to\nthe PlayBook filing system. \n\nIt is possible to craft a HTML download which when opened will lead to arbitrary\nJavaScript being executed in the local context. The \"file://\" URL handler is\ntrusted to execute across domains. \n\nHistory\n\nOn 12th February 2012, Nth Dimension supplied a PoC exploit for this issue\nto representatives of RIM. BBSIRT responded on the 20th to confirm that they\nhad recieved the report and were investigating. \n\nRIM further notified Nth Dimension to confirm that all reported vulnerabilities\nwere handled based on CVSS and that only critical vulnerabilities were deemed\ncandidates for out-of-band patching. Less critical issues would however be\naddressed in future product updates. \n\nNth Dimension responded on 7th March 2012 to confirm that they agreed with\nthis approach and that in their opinion the issue was not critical and did\nnot warrant an expedited response. Nth Dimension asked to be kept in the\nloop regarding the release of a patch for this issue in due course. \n\nOn 19th September 2012, Nth Dimension asked for an update, in particular to\nestablish whether a CVE had been assigned by RIM for this issue. \n\nOn 1st November 2012, RIM responded to say that the \"The changes for the issues\nare in the latest 2.1 builds for PlayBook. The build is currently available\nfor WiFi only PlayBooks and we\u2019re working with our carrier partners for testing\nand availability for build for the in-market cellular-enabled PlayBooks\". \n\nOn 6th November 2012, RIM confirm that CVE-2012-5828 has been assigned. They\nalso confirm they believe testing of cellular PlayBooks will be completed\nby the end of the month. \n\nNth Dimension repond, proposing 1st Deceber 2012 as the embargo date. \n\nCurrent\n\nAs of 1st Novmeber 2012, the state of the vulnerability is believed to\nbe as follows. RIM have begun shipping a patch which it is believed\nsuccessfully resolves the reported issue. \n\nThanks\n\nNth Dimension would like to thank all the security folk at RIM, in\nparticular the BlackBerry Incident Response team for the way they worked\nto resolve the issue. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niQIcBAEBCAAGBQJQuU6xAAoJEPJhpTVyySo7xcoQAM7KB/2KYIq/IElrO15jr/hH\n8Pytj9Q+k0VTmousVUWs5EP+uurZ28dGH8QNdsBv/kmp9M6gPQbex38pVVp+UJxh\nDcVoGhVJLsrzATQH+1LH/zVVkV4idERSQvGMjbikHWMdObfr6H37iN/UwK1+O27T\ntFQkIbM/rRNZk/OUz+B25D+2C53tdjTsCStkbnmYXKBlMYf0h3M28sFR3bcB5mBg\nMFNO7Vr/t16NdFRN+MPgfiRZTATH2gCqklMoe8rmQbu+Fumf1+7T5jlnXORUIiUb\ntTKvDjw9o0dL513b58JuIsheiyx0IlvGo4RyfXfWRAZaZiTPSnbzPwl83Bj1JpW+\nPJ4Z+4yKcwQcRIfvCDH6vc8o4uMTM7g9SMuLxZBoZN3mFUAOLwy9wJde+w8bmpFA\nZ6KWtmzcAlt1QoRhNPS8s+udMc1HSXKpyNjTdaqEmhjVNReDeIp+mrOnlYENa4k+\n86LyOMlil00B+dCnt76/s3T/Q+briWgLgY7KrZlVIIoRzliTn3Oy0Rd7SIRJgoV6\nbK5/W8q1uFEEF1kdy1Q3/08CFxIkWKgB6QCfa0iY5q+nNl5V6SjqAaxsesB/zcnS\naD6OjWz+j9ZFs1nounIWZrGygLRVt3C/liLfR7JiAGux518mRz87uOedd+0TtBUh\nO7FtQ/d4H990AomSBivi\n=DyJj\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006623"
},
{
"db": "CNVD",
"id": "CNVD-2012-9330"
},
{
"db": "BID",
"id": "56793"
},
{
"db": "VULMON",
"id": "CVE-2012-5828"
},
{
"db": "PACKETSTORM",
"id": "118538"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-5828",
"trust": 3.5
},
{
"db": "BID",
"id": "56793",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006623",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-9330",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201212-146",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2012-5828",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "118538",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9330"
},
{
"db": "VULMON",
"id": "CVE-2012-5828"
},
{
"db": "BID",
"id": "56793"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006623"
},
{
"db": "PACKETSTORM",
"id": "118538"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-146"
},
{
"db": "NVD",
"id": "CVE-2012-5828"
}
]
},
"id": "VAR-202002-0035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9330"
}
],
"trust": 1.3413580333333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9330"
}
]
},
"last_update_date": "2024-08-14T15:02:01.498000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://support.blackberry.com/"
},
{
"title": "BlackBerry PlayBook has an undisclosed information disclosure vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/26975"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9330"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006623"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006623"
},
{
"db": "NVD",
"id": "CVE-2012-5828"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.securityfocus.com/archive/1/524893/30/9240/flat"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/56793"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80555"
},
{
"trust": 1.7,
"url": "https://packetstormsecurity.com/files/cve/cve-2012-5828"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5828"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5828"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/56793http"
},
{
"trust": 0.3,
"url": "http://us.blackberry.com/playbook-tablet.html"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2012/dec/23"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://www.nth-dimension.org.uk/\u003e"
},
{
"trust": 0.1,
"url": "http://www.rim.com/products/blackberry_tablets.shtml\u003e"
},
{
"trust": 0.1,
"url": "http://www.machine.org.uk/\u003e"
},
{
"trust": 0.1,
"url": "http://www.rim.com/\u003e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-9330"
},
{
"db": "VULMON",
"id": "CVE-2012-5828"
},
{
"db": "BID",
"id": "56793"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006623"
},
{
"db": "PACKETSTORM",
"id": "118538"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-146"
},
{
"db": "NVD",
"id": "CVE-2012-5828"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-9330"
},
{
"db": "VULMON",
"id": "CVE-2012-5828"
},
{
"db": "BID",
"id": "56793"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006623"
},
{
"db": "PACKETSTORM",
"id": "118538"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-146"
},
{
"db": "NVD",
"id": "CVE-2012-5828"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-9330"
},
{
"date": "2020-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2012-5828"
},
{
"date": "2012-12-01T00:00:00",
"db": "BID",
"id": "56793"
},
{
"date": "2020-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006623"
},
{
"date": "2012-12-01T13:33:33",
"db": "PACKETSTORM",
"id": "118538"
},
{
"date": "2012-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-146"
},
{
"date": "2020-02-10T16:15:11.610000",
"db": "NVD",
"id": "CVE-2012-5828"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-9330"
},
{
"date": "2020-02-14T00:00:00",
"db": "VULMON",
"id": "CVE-2012-5828"
},
{
"date": "2012-12-01T00:00:00",
"db": "BID",
"id": "56793"
},
{
"date": "2020-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006623"
},
{
"date": "2020-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-146"
},
{
"date": "2020-02-14T17:09:40.083000",
"db": "NVD",
"id": "CVE-2012-5828"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201212-146"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BlackBerry PlayBook Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006623"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201212-146"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…