Info

Disclosure

Jul 25, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 25, 2012

Description

WebKit contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error occurs during the handling of dragged files, which discloses the file's path location. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Classification

Location: Context Dependent
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Third-Party Solution
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not currently aware of a solution for this vulnerability. Upgrade to Apple Safari version 6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Inc.

Safari

5.1.7

References

Security Tracker: 1027307
CVE ID: 2012-3694 (see also: NVD)
Secunia Advisory ID: 50058
Related OSVDB ID: 84200 84201 84203 84204 84205 84207 84208 84209 84210 84211 84213 84214
Vendor Specific Advisory URL: http://support.apple.com/kb/HT5400

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84206