4.3

CVE-2011-1202

Exploit
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 10.0.648.127
XmlsoftLibxslt Version <= 1.1.26
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.42% 0.821
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
Vendor Advisory
http://www.securityfocus.com/bid/46785
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2011/0628
Permissions Required
http://code.google.com/p/chromium/issues/detail?id=73716
Patch
Vendor Advisory
Exploit
Issue Tracking
http://downloads.avaya.com/css/P8/documents/100144158
Third Party Advisory
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f
Patch
Third Party Advisory
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=684386
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244
Third Party Advisory