ID CVE-2012-2844
Summary The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document.
References
Vulnerable Configurations
  • Google Chrome 20.0.1132.20
    cpe:2.3:a:google:chrome:20.0.1132.20
  • Google Chrome 20.0.1132.17
    cpe:2.3:a:google:chrome:20.0.1132.17
  • Google Chrome 20.0.1132.16
    cpe:2.3:a:google:chrome:20.0.1132.16
  • Google Chrome 20.0.1132.15
    cpe:2.3:a:google:chrome:20.0.1132.15
  • Google Chrome 20.0.1132.14
    cpe:2.3:a:google:chrome:20.0.1132.14
  • Google Chrome 20.0.1132.13
    cpe:2.3:a:google:chrome:20.0.1132.13
  • Google Chrome 20.0.1132.12
    cpe:2.3:a:google:chrome:20.0.1132.12
  • Google Chrome 20.0.1132.11
    cpe:2.3:a:google:chrome:20.0.1132.11
  • Google Chrome 20.0.1132.10
    cpe:2.3:a:google:chrome:20.0.1132.10
  • Google Chrome 20.0.1132.9
    cpe:2.3:a:google:chrome:20.0.1132.9
  • Google Chrome 20.0.1132.8
    cpe:2.3:a:google:chrome:20.0.1132.8
  • Google Chrome 20.0.1132.7
    cpe:2.3:a:google:chrome:20.0.1132.7
  • Google Chrome 20.0.1132.6
    cpe:2.3:a:google:chrome:20.0.1132.6
  • Google Chrome 20.0.1132.5
    cpe:2.3:a:google:chrome:20.0.1132.5
  • Google Chrome 20.0.1132.4
    cpe:2.3:a:google:chrome:20.0.1132.4
  • Google Chrome 20.0.1132.3
    cpe:2.3:a:google:chrome:20.0.1132.3
  • Google Chrome 20.0.1132.2
    cpe:2.3:a:google:chrome:20.0.1132.2
  • Google Chrome 20.0.1132.1
    cpe:2.3:a:google:chrome:20.0.1132.1
  • Google Chrome 20.0.1132.0
    cpe:2.3:a:google:chrome:20.0.1132.0
  • Google Chrome 20.0.1132.21
    cpe:2.3:a:google:chrome:20.0.1132.21
  • Google Chrome 20.0.1132.22
    cpe:2.3:a:google:chrome:20.0.1132.22
  • Google Chrome 20.0.1132.23
    cpe:2.3:a:google:chrome:20.0.1132.23
  • Google Chrome 20.0.1132.24
    cpe:2.3:a:google:chrome:20.0.1132.24
  • Google Chrome 20.0.1132.25
    cpe:2.3:a:google:chrome:20.0.1132.25
  • Google Chrome 20.0.1132.26
    cpe:2.3:a:google:chrome:20.0.1132.26
  • Google Chrome 20.0.1132.27
    cpe:2.3:a:google:chrome:20.0.1132.27
  • Google Chrome 20.0.1132.28
    cpe:2.3:a:google:chrome:20.0.1132.28
  • Google Chrome 20.0.1132.29
    cpe:2.3:a:google:chrome:20.0.1132.29
  • Google Chrome 20.0.1132.30
    cpe:2.3:a:google:chrome:20.0.1132.30
  • Google Chrome 20.0.1132.31
    cpe:2.3:a:google:chrome:20.0.1132.31
  • Google Chrome 20.0.1132.32
    cpe:2.3:a:google:chrome:20.0.1132.32
  • Google Chrome 20.0.1132.33
    cpe:2.3:a:google:chrome:20.0.1132.33
  • Google Chrome 20.0.1132.34
    cpe:2.3:a:google:chrome:20.0.1132.34
  • Google Chrome 20.0.1132.35
    cpe:2.3:a:google:chrome:20.0.1132.35
  • Google Chrome 20.0.1132.36
    cpe:2.3:a:google:chrome:20.0.1132.36
  • Google Chrome 20.0.1132.37
    cpe:2.3:a:google:chrome:20.0.1132.37
  • Google Chrome 20.0.1132.38
    cpe:2.3:a:google:chrome:20.0.1132.38
  • Google Chrome 20.0.1132.39
    cpe:2.3:a:google:chrome:20.0.1132.39
  • Google Chrome 20.0.1132.40
    cpe:2.3:a:google:chrome:20.0.1132.40
  • Google Chrome 20.0.1132.41
    cpe:2.3:a:google:chrome:20.0.1132.41
  • Google Chrome 20.0.1132.19
    cpe:2.3:a:google:chrome:20.0.1132.19
  • Google Chrome 20.0.1132.18
    cpe:2.3:a:google:chrome:20.0.1132.18
  • Google Chrome 20.0.1132.42
    cpe:2.3:a:google:chrome:20.0.1132.42
  • Google Chrome 20.0.1132.43
    cpe:2.3:a:google:chrome:20.0.1132.43
  • Google Chrome 20.0.1132.45
    cpe:2.3:a:google:chrome:20.0.1132.45
  • Google Chrome 20.0.1132.46
    cpe:2.3:a:google:chrome:20.0.1132.46
  • Google Chrome 20.0.1132.47
    cpe:2.3:a:google:chrome:20.0.1132.47
  • Google Chrome 20.0.1132.54
    cpe:2.3:a:google:chrome:20.0.1132.54
  • Google Chrome 20.0.1132.55
    cpe:2.3:a:google:chrome:20.0.1132.55
  • Google Chrome 20.0.1132.56
    cpe:2.3:a:google:chrome:20.0.1132.56
CVSS
Base: 9.3 (as of 13-07-2012 - 12:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id GOOGLE_CHROME_20_0_1132_57.NASL
    description The version of Google Chrome installed on the remote host is earlier than 20.0.1132.57 and is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to counter handling and layout height tracking. (CVE-2012-2842, CVE-2012-2843) - An error exists related to JavaScript object accesses in PDF handling. (CVE-2012-2844)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 59958
    published 2012-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59958
    title Google Chrome < 20.0.1132.57 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_2092A45BE2F611E1A8CA00262D5ED8EE.NASL
    description Google Chrome Releases reports : [129898] High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz. [130595] High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz. [133450] High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov of Google.
    last seen 2018-09-02
    modified 2013-06-21
    plugin id 61501
    published 2012-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61501
    title FreeBSD : www/chromium -- multiple vulnerabilities (2092a45b-e2f6-11e1-a8ca-00262d5ed8ee)
oval via4
accepted 2013-08-12T04:07:11.974-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document.
family windows
id oval:org.mitre.oval:def:15039
status accepted
submitted 2012-07-12T21:06:00.000-04:00
title The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code
version 44
refmap via4
confirm
Last major update 13-08-2012 - 23:37
Published 12-07-2012 - 17:55
Last modified 18-09-2017 - 21:35
Back to Top