CVE-2012-3734

Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://support.apple.com/kb/HT5503	Vendor Advisory
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html	Vendor Advisory
http://osvdb.org/85642
https://exchange.xforce.ibmcloud.com/vulnerabilities/78709

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.2:::::::*
	cpe:2.3:o:apple:iphone_os:3.2.1:::::::*
	cpe:2.3:o:apple:iphone_os:3.2:::::::*
	cpe:2.3:o:apple:iphone_os:4.2.8:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.0:::::::*
	cpe:2.3:o:apple:iphone_os:5.1:::::::*
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
	cpe:2.3:o:apple:iphone_os:3.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:4.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.1:::::::*
	cpe:2.3:o:apple:iphone_os:3.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:3.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.2.5:::::::*
	cpe:2.3:o:apple:iphone_os:3.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.5:::::::*
	cpe:2.3:o:apple:iphone_os:4.2.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.3:::::::*
	cpe:2.3:o:apple:iphone_os:5.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
	cpe:2.3:o:apple:iphone_os:5.0:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.0:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:3.0:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.2:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
	cpe:2.3:o:apple:iphone_os:4.0:::::::*
	cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
	cpe:2.3:o:apple:iphone_os:3.2.2:::::::*

Information

Published : 2012-09-20 14:55

Updated : 2017-08-28 18:32

NVD link : CVE-2012-3734

Mitre link : CVE-2012-3734

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

apple

iphone_os

1.9 /10