CVE-2012-5185

Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://jvn.jp/en/jp/JVN52197991/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000002
https://itunes.apple.com/us/app/documents-pro/id374142847
http://jvn.jp/en/jp/JVN52197991/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000002
https://itunes.apple.com/us/app/documents-pro/id374142847

Configurations

Configuration 1 (hide)

cpe:2.3:a:olivetoast:documents_pro_file_viewer:*:-:*:*:*:iphone_os:*:*

History

No history.

Information

Published : 2013-01-19 20:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-5185

Mitre link : CVE-2012-5185

CVE.ORG link : CVE-2012-5185

JSON object : View

Products Affected

olivetoast

documents_pro_file_viewer

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2012-5185", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-19T20:55:00.900", "references": [{"url": "http://jvn.jp/en/jp/JVN52197991/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000002", "source": "vultures@jpcert.or.jp"}, {"url": "https://itunes.apple.com/us/app/documents-pro/id374142847", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvn.jp/en/jp/JVN52197991/index.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000002", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://itunes.apple.com/us/app/documents-pro/id374142847", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la aplicaci\u00f3n Olive Toast Documents Pro File Viewer (antes Files HD) antes de v1.11.1 para iOS que permite a atacantes remotos leer o eliminar archivos aprovechadno el acceso para invitados."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:olivetoast:documents_pro_file_viewer:*:-:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "9D5AAD60-9B08-4F16-B93C-273D61B999CA", "versionEndIncluding": "1.11"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}