CVE-2010-0646

Sažetak

Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.

Reference

http://code.google.com/p/chromium/issues/detail?id=31009
http://code.google.com/p/v8/source/detail?r=3560
http://codereview.chromium.org/525064
http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
http://secunia.com/advisories/38545
http://securitytracker.com/id?1023583
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
http://www.osvdb.org/62316
http://www.securityfocus.com/bid/38177
http://www.vupen.com/english/advisories/2010/0361
https://exchange.xforce.ibmcloud.com/vulnerabilities/56213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14222

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-09-2017 - 01:30

Objavljeno

18-02-2010 - 18:00