Vulnerability CVE-2012-1943 - CERT Civis.Net

Vulnerability Name:

CVE-2012-1943 (CCN-76071)

Assigned:

2012-06-05

Published:

2012-06-05

Updated:

2017-12-29

Summary:

Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.
http://cwe.mitre.org/data/definitions/426.html

'CWE-426: Untrusted Search Path'

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2012-1943

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:0746

Source: CCN
Type: SA49366
Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

Source: CCN
Type: SA49368
Mozilla Firefox / Thunderbird Multiple Vulnerabilities

Source: CCN
Type: MFSA 2012-35
Privilege escalation through Mozilla Updater and Windows Updater Service

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-35.html

Source: CCN
Type: OSVDB ID: 82670
Mozilla Multiple Product Updater Service wsock32.dll Module Loading Local Privilege Escalation

Source: CCN
Type: BID-53807
Mozilla Firefox SeaMonkey and Thunderbird CVE-2012-1943 Local Privilege Escalation Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=750850

Source: XF
Type: UNKNOWN
firefox-updater-privilege-esc(76071)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:16924

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:firefox:12.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1::alpha:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1::beta:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:5.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:6.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:7.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:8.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:9.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:10.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:11.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20121943	V	CVE-2012-1943	2022-05-20
oval:org.opensuse.security:def:32162	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:32087	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:32076	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:32075	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:32900	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:29489	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:32833	P	Security update for ovmf (Moderate)	2020-12-16
oval:org.opensuse.security:def:32745	P	lvm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28413	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:29525	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:28649	P	Security update for CUPS	2020-12-01
oval:org.opensuse.security:def:32296	P	Security update for procmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:28066	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:28751	P	Security update for libmspack	2020-12-01
oval:org.opensuse.security:def:32446	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28142	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:33577	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:28807	P	Security update for perl	2020-12-01
oval:org.opensuse.security:def:32689	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28356	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:32794	P	systemtap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28497	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:28065	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:32856	P	evolution-data-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28702	P	Security update for GPG2	2020-12-01
oval:org.opensuse.security:def:32389	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:28077	P	Security update for fuse (Moderate)	2020-12-01
oval:org.opensuse.security:def:33538	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:28790	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:32533	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28272	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:28851	P	Security update for Xen	2020-12-01
oval:org.mitre.oval:def:16924	V	Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.	2014-10-06