cvelistv5 - CVE-2012-2647

CVE-2012-2647 (GCVE-0-2012-2647)

Vulnerability from cvelistv5

Published

2012-07-31 10:00

Modified

2024-09-16 23:00

Severity ?

CWE

Summary

Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201207-0526

Vulnerability from variot

Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may alter the toolbar. As a result, keywords entered in the toolbar may be leaked to a third party. Toolbar is prone to a remote security vulnerability. Yahoo! Toolbar (Yahoo! Toolbar) is a web browser toolbar of Yahoo! (Yahoo!) that can be used on Microsoft IE and Mozilla Firefox. It supports custom toolbars, and can check emails and browse the weather anytime, anywhere Forecasts, news, and other information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201207-0526",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "toolbar",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yahoo",
        "version": "1.0.0.5"
      },
      {
        "model": "toolbar",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "yahoo",
        "version": "1.0.0.5"
      },
      {
        "model": "installer of yahoo! toolbar",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yahoo",
        "version": "for chrome ver.1.0.0.5"
      },
      {
        "model": "installer of yahoo! toolbar",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yahoo",
        "version": "for safari ver.1.0.0.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-601"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2647"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:misc:yahoo_japan_yahoo_toolbar",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "78201"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-2647",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2012-2647",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2012-000072",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-55928",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-2647",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2012-000072",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201207-601",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-55928",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-601"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2647"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may alter the toolbar. As a result, keywords entered in the toolbar may be leaked to a third party. Toolbar is prone to a remote security vulnerability. Yahoo! Toolbar (Yahoo! Toolbar) is a web browser toolbar of Yahoo! (Yahoo!) that can be used on Microsoft IE and Mozilla Firefox. It supports custom toolbars, and can check emails and browse the weather anytime, anywhere Forecasts, news, and other information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2647"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      },
      {
        "db": "BID",
        "id": "78201"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55928"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-2647",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVN51769987",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000072",
        "trust": 2.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-601",
        "trust": 0.7
      },
      {
        "db": "JVN",
        "id": "JVN#51769987",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "78201",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-55928",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55928"
      },
      {
        "db": "BID",
        "id": "78201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-601"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2647"
      }
    ]
  },
  "id": "VAR-201207-0526",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55928"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:02:38.847000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Yahoo! Toolbar",
        "trust": 0.8,
        "url": "http://toolbar.yahoo.co.jp/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2647"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://jvn.jp/en/jp/jvn51769987/index.html"
      },
      {
        "trust": 2.0,
        "url": "http://jvndb.jvn.jp/jvndb/jvndb-2012-000072"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2647"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/en/jp/jvn51769987/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2647"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55928"
      },
      {
        "db": "BID",
        "id": "78201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-601"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2647"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-55928"
      },
      {
        "db": "BID",
        "id": "78201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-601"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2647"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-07-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-55928"
      },
      {
        "date": "2012-07-31T00:00:00",
        "db": "BID",
        "id": "78201"
      },
      {
        "date": "2012-07-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      },
      {
        "date": "2012-07-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201207-601"
      },
      {
        "date": "2012-07-31T10:45:42.093000",
        "db": "NVD",
        "id": "CVE-2012-2647"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-07-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-55928"
      },
      {
        "date": "2012-07-31T00:00:00",
        "db": "BID",
        "id": "78201"
      },
      {
        "date": "2012-08-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      },
      {
        "date": "2012-08-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201207-601"
      },
      {
        "date": "2024-11-21T01:39:21.120000",
        "db": "NVD",
        "id": "CVE-2012-2647"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-601"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-000072"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-601"
      }
    ],
    "trust": 0.6
  }
}

gsd-2012-2647

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.

Aliases

CVE-2012-2647

Aliases

CVE-2012-2647

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2647",
    "description": "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.",
    "id": "GSD-2012-2647"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2647"
      ],
      "details": "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.",
      "id": "GSD-2012-2647",
      "modified": "2023-12-13T01:20:15.723748Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2012-2647",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#51769987",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN51769987/index.html"
          },
          {
            "name": "JVNDB-2012-000072",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:yahoo:toolbar:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.0.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2012-2647"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2012-000072",
              "refsource": "JVNDB",
              "tags": [],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072"
            },
            {
              "name": "JVN#51769987",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN51769987/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2012-07-31T10:45Z",
      "publishedDate": "2012-07-31T10:45Z"
    }
  }
}

ghsa-jv6m-wr9m-f98f

Vulnerability from github

Published

2022-05-17 05:27

Modified

2022-05-17 05:27

Details

Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-07-31T10:45:00Z",
    "severity": "MODERATE"
  },
  "details": "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.",
  "id": "GHSA-jv6m-wr9m-f98f",
  "modified": "2022-05-17T05:27:13Z",
  "published": "2022-05-17T05:27:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2647"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN51769987/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2012-2647

Vulnerability from fkie_nvd

Published

2012-07-31 10:45

Modified

2025-04-11 00:51

Severity ?

Summary

Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.

References

	URL	Tags
	vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN51769987/index.html
	vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072
	af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN51769987/index.html
	af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072

Impacted products

Vendor	Product	Version
yahoo	toolbar	*
apple	safari	*
google	chrome	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:toolbar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B62220DE-72E1-484D-99C8-ED5020D52472",
              "versionEndIncluding": "1.0.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E9B637-69D8-4E4F-8896-F8F14CC55E03",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page."
    },
    {
      "lang": "es",
      "value": "Yahoo! Toolbar v1.0.0.5 y anteriores para Chrome y Safari, permiten a usuarios remotos modificar la URL de b\u00fasqueda configurada e interceptar termindos de b\u00fasqueda a trav\u00e9s de una p\u00e1gina web modificada."
    }
  ],
  "id": "CVE-2012-2647",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-07-31T10:45:42.093",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN51769987/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN51769987/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-2647

Vulnerability from jvndb

Published

2012-07-30 14:56

Modified

2012-08-02 16:33

Severity ?

() - -

Summary

Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration

Details

Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered. Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN51769987/
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2647
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2647
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Yahoo Japan Corporation

Installer of Yahoo! Toolbar

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000072.html",
  "dc:date": "2012-08-02T16:33+09:00",
  "dcterms:issued": "2012-07-30T14:56+09:00",
  "dcterms:modified": "2012-08-02T16:33+09:00",
  "description": "Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered.\r\n\r\nYahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000072.html",
  "sec:cpe": {
    "#text": "cpe:/a:misc:yahoo_japan_yahoo_toolbar",
    "@product": "Installer of Yahoo! Toolbar",
    "@vendor": "Yahoo Japan Corporation",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2012-000072",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN51769987/",
      "@id": "JVN#51769987",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2647",
      "@id": "CVE-2012-2647",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2647",
      "@id": "CVE-2012-2647",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-2647 (GCVE-0-2012-2647)

Vulnerability from cvelistv5

var-201207-0526

Vulnerability from variot

gsd-2012-2647

Vulnerability from gsd

ghsa-jv6m-wr9m-f98f

Vulnerability from github

fkie_cve-2012-2647

Vulnerability from fkie_nvd

CVE-2012-2647

Vulnerability from jvndb

Tags

Sightings

Nomenclature