Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.802339
Category:General
Title:Google Chrome Mozilla Network Security Services Privilege Escalation Vulnerability (Mac OS X)
Summary:The host is installed with Google Chrome and is prone to privilege; escalation vulnerability
Description:Summary:
The host is installed with Google Chrome and is prone to privilege
escalation vulnerability

Vulnerability Insight:
The flaw is due to an error in the Mozilla Network Security Services
(NSS) library, which can be exploited by sending Trojan horse pkcs11.txt
file in a top-level directory.

Vulnerability Impact:
Successful exploitation will let the local attacker to execute arbitrary
code with an elevated privileges.

Affected Software/OS:
Google Chrome version 16.0.912.21 and prior on Mac OS X

Solution:
Upgrade to the Google Chrome 17 or later.

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:H/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3640
http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
http://code.google.com/p/chromium/issues/detail?id=97426
https://bugzilla.mozilla.org/show_bug.cgi?id=641052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414
http://securityreason.com/securityalert/8483
SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search)
https://hermes.opensuse.org/messages/13154861
SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search)
https://hermes.opensuse.org/messages/13155432
CopyrightCopyright (C) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.