CVE-2011-3640

Sažetak

Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Reference

http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
http://code.google.com/p/chromium/issues/detail?id=97426
http://securityreason.com/securityalert/8483
https://bugzilla.mozilla.org/show_bug.cgi?id=641052
https://hermes.opensuse.org/messages/13154861
https://hermes.opensuse.org/messages/13155432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414

CVSS

Base:	7.1
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:H/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-08-2024 - 00:15

Objavljeno

28-10-2011 - 02:49