CVE-2011-3640

Exploit

EPSS 0.37%
Published 28.10.2011 02:49:53
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version < 17.0

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.37%	0.578

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	3.9	10	AV:N/AC:H/Au:S/C:C/I:C/A:C

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://hermes.opensuse.org/messages/13154861

Broken Link

https://hermes.opensuse.org/messages/13155432

Broken Link

http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html

Third Party Advisory

Exploit

http://code.google.com/p/chromium/issues/detail?id=97426

Patch

Vendor Advisory

Exploit

Issue Tracking