Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-6112
Last Modified: 30 Jan 2013 12:00:00
Published: 27 Jan 2013 05:55:04
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-6112

Summary

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

Vulnerable Systems

Application

  • Moodle 2.1

  • Moodle 2.1.1

  • Moodle 2.1.2

  • Moodle 2.1.3

  • Moodle 2.1.4

  • Moodle 2.1.5

  • Moodle 2.1.6

  • Moodle 2.1.7

  • Moodle 2.1.8

  • Moodle 2.1.9

  • Moodle 2.2

  • Moodle 2.2.1

  • Moodle 2.2.2

  • Moodle 2.2.3

  • Moodle 2.2.4

  • Moodle 2.2.5

  • Moodle 2.2.6

  • Moodle 2.3

  • Moodle 2.3.1

  • Moodle 2.3.2

  • Moodle 2.3.3

  • Moodle 2.4

  • Tinymce Spellchecker Php 2.0

  • Tinymce Spellchecker Php 2.0.1

  • Tinymce Spellchecker Php 2.0.2

  • Tinymce Spellchecker Php 2.0.3

  • Tinymce Spellchecker Php 2.0.6

  • Tinymce Spellchecker Php 2.0a1

  • Tinymce Spellchecker Php 2.0a2

  • Tinymce Spellchecker Php 2.0b1

  • Tinymce Spellchecker Php 2.0b2


References

CONFIRM - https://moodle.org/mod/forum/discuss.php?d=220157

CONFIRM - https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974

CONFIRM - http://www.tinymce.com/forum/viewtopic.php?id=30036

CONFIRM - http://www.tinymce.com/develop/changelog/?type=phpspell

MLIST - [oss-security] 20130121 Moodle security notifications public

CONFIRM - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283


Last Updated: 27 May 2016 11:01:44