Vulnerability Details : CVE-2012-0626

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Published 2012-03-08 22:55:04

Updated 2018-11-29 19:06:49

Source Apple Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-0626

Probability of exploitation activity in the next 30 days: 0.76%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-0626

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-0626

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0626

http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html

Apple - Lists.apple.com
Mailing List;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/52365

WebKit Multiple Unspecified Memory Corruption Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html

Apple - Lists.apple.com
Mailing List;Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/48288

Sign in
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/48274

Sign in
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/48377

Sign in
Third Party Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html

Apple - Lists.apple.com
Mailing List;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id?1026774

Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16862

Repository / Oval Repository
Third Party Advisory

Products affected by CVE-2012-0626

Apple » Itunes
Versions before (<) 10.6
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os
Versions before (<) 5.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions