CVE-2012-2647 : Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, an

Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.

Published 2012-07-31 10:45:42

Updated 2012-07-31 10:45:42

Source JPCERT/CC

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2012-2647

Probability of exploitation activity in the next 30 days: 0.23%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 61 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-2647

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2012-2647

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2647

http://jvn.jp/en/jp/JVN51769987/index.html

JVN#51769987: Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072

JVNDB-2012-000072 - JVN iPedia - 脆弱性対策情報データベース

Products affected by CVE-2012-2647

Yahoo » Toolbar
Versions up to, including, (<=) 1.0.0.5
cpe:2.3:a:yahoo:toolbar:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Safari
When used together with: Google » Chrome

Vulnerability Details : CVE-2012-2647

Exploit prediction scoring system (EPSS) score for CVE-2012-2647

CVSS scores for CVE-2012-2647

CWE ids for CVE-2012-2647

References for CVE-2012-2647

Products affected by CVE-2012-2647