7.1

CVE-2011-3640

Exploit
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 17.0
   ApplemacOS Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.4% 0.689
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 3.9 10
AV:N/AC:H/Au:S/C:C/I:C/A:C
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://hermes.opensuse.org/messages/13154861
Broken Link
https://hermes.opensuse.org/messages/13155432
Broken Link
http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
Third Party Advisory
Exploit
http://code.google.com/p/chromium/issues/detail?id=97426
Patch
Vendor Advisory
Exploit
Issue Tracking
http://securityreason.com/securityalert/8483
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=641052
Patch
Third Party Advisory
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414
Third Party Advisory