CVE-2012-6112

Name: CVE-2012-6112
Description: classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
Source: CVE (at NVD)
NVD severity: medium (attack range: remote)
Debian Bugs: 701667, 702387
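Why the control characters matter, as an added illustration that is not code from the TinyMCE spellchecker plugin, from Moodle or from Debian: a spellchecker proxy that opens a raw socket to an upstream service and splices a user-supplied value into the request line it writes to that socket. A CR/LF in the value ends the request line early, and everything after it is sent upstream as extra headers or as a complete second request, which is what "arbitrary outbound HTTP requests" means in practice. The upstream host, path and parameter name below are assumptions chosen for the example, and the injected string is constructed; the hardened builder shows the check a practitioner would want, namely refusing control characters in anything that lands in a request line or header.

```python
"""Raw-request splicing vs. rejecting control characters (added illustration)."""
from __future__ import annotations

import re
from urllib.parse import quote

# Hypothetical upstream host and path for the example; not the plugin's real ones.
UPSTREAM_HOST = "spell.example.invalid"
UPSTREAM_PATH = "/spell"

# C0 control characters plus DEL: none of these belong in a request line or header.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def build_request_unsafe(lang: str, text: str) -> bytes:
    """Vulnerable pattern: the untrusted 'lang' value goes straight into the
    request line. A CR/LF inside it ends the line early and whatever follows
    is sent upstream as further headers or as an entirely new request."""
    body = text.encode("utf-8")
    head = (
        f"POST {UPSTREAM_PATH}?lang={lang} HTTP/1.0\r\n"
        f"Host: {UPSTREAM_HOST}\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    )
    return head.encode("utf-8") + body


def build_request_safe(lang: str, text: str) -> bytes:
    """Hardened version: refuse any control character in the value that is
    spliced into the request line (fail closed, a language code never needs
    one), then percent-encode what remains so delimiter characters cannot
    reshape the line either. The body is framed by Content-Length, so it may
    legitimately contain newlines and is left alone."""
    if CONTROL_CHARS.search(lang):
        raise ValueError("control character in spellchecker language parameter")
    return build_request_unsafe(quote(lang, safe=""), text)


def parse_request_stream(raw: bytes) -> list[dict]:
    """Read the byte stream the way an HTTP/1.0 server would: request line,
    headers, then a body of Content-Length bytes, repeated until the stream
    ends. Deliberately minimal; it exists to show how many requests the
    upstream side actually receives."""
    requests: list[dict] = []
    pos = 0
    while pos < len(raw):
        end = raw.find(b"\r\n\r\n", pos)
        if end == -1:
            break
        lines = raw[pos:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
        length = int(headers.get("Content-Length", "0"))
        body_start = end + 4
        requests.append({
            "request_line": lines[0],
            "headers": headers,
            "body": raw[body_start:body_start + length],
        })
        pos = body_start + length
    return requests


# Constructed attacker input: a valid-looking language code followed by CRLF,
# an attacker-chosen Host header, and a complete second request.
INJECTED_LANG = (
    "en HTTP/1.0\r\n"
    "Host: attacker.invalid\r\n"
    "\r\n"
    "GET /admin HTTP/1.0\r\n"
    "Host: 127.0.0.1\r\n"
    "\r\n"
)


def upstream_request_lines(lang: str, text: str) -> list[str]:
    """Request lines the upstream server would see from the vulnerable builder."""
    stream = build_request_unsafe(lang, text)
    return [r["request_line"] for r in parse_request_stream(stream)]


if __name__ == "__main__":
    print(upstream_request_lines("en", "teh"))           # one request
    print(upstream_request_lines(INJECTED_LANG, "teh"))  # three, one attacker-chosen
    try:
        build_request_safe(INJECTED_LANG, "teh")
    except ValueError as exc:
        print("rejected:", exc)
```

With the clean value the upstream side parses a single POST; with the injected value it parses three requests, the second of which (`GET /admin` with `Host: 127.0.0.1`) was written entirely by the attacker. The same splice point is reached whether the value arrives as a query parameter, a form field or an RPC argument, so the check belongs next to the socket write, not only at the input layer.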

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release                      Version              Status
tinymce (PTS)    jessie, stretch              3.4.8+dfsg0-1        fixed
                 buster, sid                  3.4.8+dfsg0-2        fixed
wordpress (PTS)  jessie                       4.1+dfsg-1+deb8u17   fixed
                 jessie (security)            4.1+dfsg-1+deb8u18   fixed
                 stretch (security), stretch  4.7.5+dfsg-2+deb9u4  fixed
                 buster, sid                  5.0.2+dfsg1-1        fixed

The information below is based on the following data on fixed versions.

Package    Type    Release     Fixed Version           Urgency  Origin  Debian Bugs
moodle     source  (unstable)  2.5-1                   medium           702387
moodle     source  squeeze     (not affected)
moodle     source  wheezy      2.2.3.dfsg-2.6~wheezy2  medium
tinymce    source  (unstable)  (not affected)
wordpress  source  (unstable)  3.5.1+dfsg-2            medium
wordpress  source  squeeze     3.5.2+dfsg-1~deb6u1     medium           701667
wordpress  source  wheezy      3.5.2+dfsg-1~deb7u1     medium           701667

Notes

- tinymce <not-affected> (TinyMCE Google spellchecker plugin)
[squeeze] - moodle <not-affected> (Only affects 2.1 and above)
changelog: http://www.tinymce.com/develop/changelog/?type=phpspell
patch: https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
forum thread: http://www.tinymce.com/forum/viewtopic.php?id=30036