ID CVE-2012-2866
Summary Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
References
Vulnerable Configurations
  • OpenSUSE 12.1
    cpe:2.3:o:opensuse:opensuse:12.1
  • OpenSUSE 12.2
    cpe:2.3:o:opensuse:opensuse:12.2
  • Google Chrome 21.0.1180.0
    cpe:2.3:a:google:chrome:21.0.1180.0
  • Google Chrome 21.0.1180.1
    cpe:2.3:a:google:chrome:21.0.1180.1
  • Google Chrome 21.0.1180.2
    cpe:2.3:a:google:chrome:21.0.1180.2
  • Google Chrome 21.0.1180.31
    cpe:2.3:a:google:chrome:21.0.1180.31
  • Google Chrome 21.0.1180.32
    cpe:2.3:a:google:chrome:21.0.1180.32
  • Google Chrome 21.0.1180.33
    cpe:2.3:a:google:chrome:21.0.1180.33
  • Google Chrome 21.0.1180.34
    cpe:2.3:a:google:chrome:21.0.1180.34
  • Google Chrome 21.0.1180.35
    cpe:2.3:a:google:chrome:21.0.1180.35
  • Google Chrome 21.0.1180.36
    cpe:2.3:a:google:chrome:21.0.1180.36
  • Google Chrome 21.0.1180.37
    cpe:2.3:a:google:chrome:21.0.1180.37
  • Google Chrome 21.0.1180.38
    cpe:2.3:a:google:chrome:21.0.1180.38
  • Google Chrome 21.0.1180.39
    cpe:2.3:a:google:chrome:21.0.1180.39
  • Google Chrome 21.0.1180.41
    cpe:2.3:a:google:chrome:21.0.1180.41
  • Google Chrome 21.0.1180.46
    cpe:2.3:a:google:chrome:21.0.1180.46
  • Google Chrome 21.0.1180.47
    cpe:2.3:a:google:chrome:21.0.1180.47
  • Google Chrome 21.0.1180.48
    cpe:2.3:a:google:chrome:21.0.1180.48
  • Google Chrome 21.0.1180.49
    cpe:2.3:a:google:chrome:21.0.1180.49
  • Google Chrome 21.0.1180.50
    cpe:2.3:a:google:chrome:21.0.1180.50
  • Google Chrome 21.0.1180.51
    cpe:2.3:a:google:chrome:21.0.1180.51
  • Google Chrome 21.0.1180.52
    cpe:2.3:a:google:chrome:21.0.1180.52
  • Google Chrome 21.0.1180.53
    cpe:2.3:a:google:chrome:21.0.1180.53
  • Google Chrome 21.0.1180.54
    cpe:2.3:a:google:chrome:21.0.1180.54
  • Google Chrome 21.0.1180.55
    cpe:2.3:a:google:chrome:21.0.1180.55
  • Google Chrome 21.0.1180.56
    cpe:2.3:a:google:chrome:21.0.1180.56
  • Google Chrome 21.0.1180.57
    cpe:2.3:a:google:chrome:21.0.1180.57
  • Google Chrome 21.0.1180.59
    cpe:2.3:a:google:chrome:21.0.1180.59
  • Google Chrome 21.0.1180.60
    cpe:2.3:a:google:chrome:21.0.1180.60
  • Google Chrome 21.0.1180.61
    cpe:2.3:a:google:chrome:21.0.1180.61
  • Google Chrome 21.0.1180.62
    cpe:2.3:a:google:chrome:21.0.1180.62
  • Google Chrome 21.0.1180.63
    cpe:2.3:a:google:chrome:21.0.1180.63
  • Google Chrome 21.0.1180.64
    cpe:2.3:a:google:chrome:21.0.1180.64
  • Google Chrome 21.0.1180.68
    cpe:2.3:a:google:chrome:21.0.1180.68
  • Google Chrome 21.0.1180.69
    cpe:2.3:a:google:chrome:21.0.1180.69
  • Google Chrome 21.0.1180.70
    cpe:2.3:a:google:chrome:21.0.1180.70
  • Google Chrome 21.0.1180.71
    cpe:2.3:a:google:chrome:21.0.1180.71
  • Google Chrome 21.0.1180.72
    cpe:2.3:a:google:chrome:21.0.1180.72
  • Google Chrome 21.0.1180.73
    cpe:2.3:a:google:chrome:21.0.1180.73
  • Google Chrome 21.0.1180.74
    cpe:2.3:a:google:chrome:21.0.1180.74
  • Google Chrome 21.0.1180.75
    cpe:2.3:a:google:chrome:21.0.1180.75
  • Google Chrome 21.0.1180.76
    cpe:2.3:a:google:chrome:21.0.1180.76
  • Google Chrome 21.0.1180.77
    cpe:2.3:a:google:chrome:21.0.1180.77
  • Google Chrome 21.0.1180.78
    cpe:2.3:a:google:chrome:21.0.1180.78
  • Google Chrome 21.0.1180.79
    cpe:2.3:a:google:chrome:21.0.1180.79
  • Google Chrome 21.0.1180.80
    cpe:2.3:a:google:chrome:21.0.1180.80
  • Google Chrome 21.0.1180.81
    cpe:2.3:a:google:chrome:21.0.1180.81
  • Google Chrome 21.0.1180.82
    cpe:2.3:a:google:chrome:21.0.1180.82
  • Google Chrome 21.0.1180.83
    cpe:2.3:a:google:chrome:21.0.1180.83
  • Google Chrome 21.0.1180.84
    cpe:2.3:a:google:chrome:21.0.1180.84
  • Google Chrome 21.0.1180.85
    cpe:2.3:a:google:chrome:21.0.1180.85
  • Google Chrome 21.0.1180.86
    cpe:2.3:a:google:chrome:21.0.1180.86
  • Google Chrome 21.0.1180.87
    cpe:2.3:a:google:chrome:21.0.1180.87
  • Google Chrome 21.0.1180.88
    cpe:2.3:a:google:chrome:21.0.1180.88
CVSS
Base: 7.5 (as of 29-09-2016 - 11:19)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Windows
    NASL id GOOGLE_CHROME_21_0_1180_89.NASL
    description The version of Google Chrome installed on the remote host is earlier than 21.0.1180.89 and is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists related to line-breaking. (CVE-2012-2865) - Variable casting errors exist related to 'run-ins' and XSL transformations. (CVE-2012-2866, CVE-2012-2871) - An unspecified error exists related to the SPDY protocol that can result in application crashes. (CVE-2012-2867) - A unspecified race condition exists related to 'workers' and XHR. (CVE-2012-2868) - An unspecified error exists related to stale buffers and URL loading. (CVE-2012-2869) - Memory management issues exist related to XPath processing. (CVE-2012-2870) - Cross-site scripting is possible during the SSL interstitial process. (CVE-2012-2872) Successful exploitation of any of these issues could lead to an application crash or arbitrary code execution, subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 61774
    published 2012-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61774
    title Google Chrome < 21.0.1180.89 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-619.NASL
    description Chromium was updated to 21.0.1180.88 to fix various bugs and security issues. Security fixes and rewards : Please see the Chromium security pagefor more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix. - [$500] [121347] Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. - [$1000] [134897] High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. - [135485 ] Low CVE-2012-2867: Browser crash with SPDY. - [$500] [136881] Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz. - [137778 ] High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team. - [138672 ] [ 140368 ] LowCVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire. - [$1000] [138673] High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire. - [$500] [142956] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 74759
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74759
    title openSUSE Security Update : chromium (openSUSE-SU-2012:1215-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201210-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201210-07 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, arbitrary file write, a Denial of Service condition, Cross-Site Scripting in SSL interstitial and various Universal Cross-Site Scripting attacks. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 62652
    published 2012-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62652
    title GLSA-201210-07 : Chromium: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_EE68923DF2F511E1801400262D5ED8EE.NASL
    description Google Chrome Releases reports : [121347] Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. [134897] High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. [135485] Low CVE-2012-2867: Browser crash with SPDY. [136881] Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz. [137778] High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team. [138672] [140368] Low CVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire. [138673] High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire. [142956] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein.
    last seen 2019-02-21
    modified 2013-06-22
    plugin id 61744
    published 2012-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61744
    title FreeBSD : chromium -- multiple vulnerabilities (ee68923d-f2f5-11e1-8014-00262d5ed8ee)
oval via4
accepted 2013-08-12T04:07:46.338-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
family windows
id oval:org.mitre.oval:def:15609
status accepted
submitted 2012-09-04T21:28:36.262-04:00
title Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements
version 43
refmap via4
confirm
osvdb 85031
suse openSUSE-SU-2012:1215
xf chrome-runins-code-exec(78175)
Last major update 29-09-2016 - 14:36
Published 31-08-2012 - 15:55
Last modified 30-10-2018 - 12:27
Back to Top