var-201202-0247
Vulnerability from variot
The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA48265
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48265/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
RELEASE DATE: 2012-03-05
DISCUSS ADVISORY: http://secunia.com/advisories/48265/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48265/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.
1) A use-after-free error exists within v8 element wrapper handling.
2) A use-after-free error exists within SVG value handling.
3) A buffer overflow exists within the Skia drawing library.
4) A use-after-free error exists within SVG document handling.
5) A use-after-free error exists within SVG use handling.
6) A casting error exists within line box handling.
7) A casting error exists within anonymous block splitting.
8) A use-after-free error exists within multi-column handling.
9) A use-after-free error exists within quote handling.
10) An out-of-bounds read error exists within text handling.
11) A use-after-free error exists within class attribute handling.
12) A use-after-free error exists within table section handling.
13) A use-after-free error exists within flexbox with floats handling.
14) A use-after-free error exists within SVG animation elements handling.
For more information: SA48033
SOLUTION: Update to version 17.0.963.65.
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Chamal de Silva 2, 4, 5, 14) Arthur Gerkis 3) Aki Helin, OUSPG 6, 7, 8, 9, 10, 11, 12, 13) miaubiz
ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817.
1) An unspecified error in an ActiveX Control can be exploited to corrupt memory.
2) A type confusion error can be exploited to corrupt memory.
3) An unspecified error related to MP4 parsing can be exploited to corrupt memory.
4) An unspecified error can be exploited to corrupt memory.
5) An unspecified error can be exploited to bypass certain security restrictions.
6) An unspecified error can be exploited to bypass certain security restrictions.
Successful exploitation of the vulnerabilities #1 through #6 may allow execution of arbitrary code.
7) Certain unspecified input is not properly sanitised before being returned to the user.
NOTE: This vulnerability is reportedly being actively exploited in targeted attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0247",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flash player",
"scope": "lt",
"trust": 1.0,
"vendor": "adobe",
"version": "11.1.102.62"
},
{
"model": "flash player",
"scope": "lt",
"trust": 1.0,
"vendor": "adobe",
"version": "10.3.183.15"
},
{
"model": "flash player",
"scope": "gte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.8,
"vendor": "adobe",
"version": "11.1.102.62"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.x"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "6"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "7.0.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "3"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "7.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "4"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "6.0.79"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "6.0.21.0"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "5"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.21"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.22"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.3218"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.12.35"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.0.1.152"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.3"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.15.3"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152.21"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.157.51"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.53.64"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.26"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.14"
},
{
"model": "flash player",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.102.62"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.25"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.92.8"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.159.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.1.102.55"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.25"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.34"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.52.15"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.23"
},
{
"model": "linux enterprise desktop sp1 for sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.105.6"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152.32"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.95.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.24"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.156.12"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.16"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.95.2"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.42.34"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.152.33"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.185.22"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.22.87"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.51.66"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.13"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.4"
},
{
"model": "flash player release candida",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.85.3"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.27"
},
{
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.18"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.154.28"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.181.23"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.82.76"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.52.14.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.32.18"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.2.153.1"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.5"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.92.10"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.106.16"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.7"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.452"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.102.65"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.12.36"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.183.10"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.3.186.6"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.102.64"
}
],
"sources": [
{
"db": "BID",
"id": "52037"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001498"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-319"
},
{
"db": "NVD",
"id": "CVE-2012-0751"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:adobe:flash_player",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001498"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xu Liu of Fortinet\u0026acute;s FortiGuard Labs",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-319"
}
],
"trust": 0.6
},
"cve": "CVE-2012-0751",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-0751",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-54032",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-0751",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-0751",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-319",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-54032",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54032"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001498"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-319"
},
{
"db": "NVD",
"id": "CVE-2012-0751"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nGoogle Chrome Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA48265\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48265/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48265\n\nRELEASE DATE:\n2012-03-05\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48265/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48265/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48265\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Google Chrome, where one\nhas an unknown impact and others can be exploited by malicious people\nto conduct cross-site scripting attacks, bypass certain security\nrestrictions, and compromise a user\u0027s system. \n\n1) A use-after-free error exists within v8 element wrapper handling. \n\n2) A use-after-free error exists within SVG value handling. \n\n3) A buffer overflow exists within the Skia drawing library. \n\n4) A use-after-free error exists within SVG document handling. \n\n5) A use-after-free error exists within SVG use handling. \n\n6) A casting error exists within line box handling. \n\n7) A casting error exists within anonymous block splitting. \n\n8) A use-after-free error exists within multi-column handling. \n\n9) A use-after-free error exists within quote handling. \n\n10) An out-of-bounds read error exists within text handling. \n\n11) A use-after-free error exists within class attribute handling. \n\n12) A use-after-free error exists within table section handling. \n\n13) A use-after-free error exists within flexbox with floats\nhandling. \n\n14) A use-after-free error exists within SVG animation elements\nhandling. \n\nFor more information:\nSA48033\n\nSOLUTION:\nUpdate to version 17.0.963.65. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Chamal de Silva\n2, 4, 5, 14) Arthur Gerkis\n3) Aki Helin, OUSPG\n6, 7, 8, 9, 10, 11, 12, 13) miaubiz\n\nORIGINAL ADVISORY:\nhttp://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ----------------------------------------------------------------------\n\nSecunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March\nListen to our Chief Security Specialist, Research Analyst Director, and Director Product Management \u0026 Quality Assurance discuss the industry\u0027s key topics. Also, visit the Secunia stand #817. \n\n1) An unspecified error in an ActiveX Control can be exploited to\ncorrupt memory. \n\n2) A type confusion error can be exploited to corrupt memory. \n\n3) An unspecified error related to MP4 parsing can be exploited to\ncorrupt memory. \n\n4) An unspecified error can be exploited to corrupt memory. \n\n5) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\n6) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nSuccessful exploitation of the vulnerabilities #1 through #6 may\nallow execution of arbitrary code. \n\n7) Certain unspecified input is not properly sanitised before being\nreturned to the user. \n\nNOTE: This vulnerability is reportedly being actively exploited in\ntargeted attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0751"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001498"
},
{
"db": "BID",
"id": "52037"
},
{
"db": "VULHUB",
"id": "VHN-54032"
},
{
"db": "PACKETSTORM",
"id": "110463"
},
{
"db": "PACKETSTORM",
"id": "109859"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0751",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "48265",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001498",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201202-319",
"trust": 0.6
},
{
"db": "BID",
"id": "52037",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-54032",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110463",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "48033",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109859",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54032"
},
{
"db": "BID",
"id": "52037"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001498"
},
{
"db": "PACKETSTORM",
"id": "110463"
},
{
"db": "PACKETSTORM",
"id": "109859"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-319"
},
{
"db": "NVD",
"id": "CVE-2012-0751"
}
]
},
"id": "VAR-201202-0247",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54032"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:56:25.650000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB12-03",
"trust": 0.8,
"url": "http://www.adobe.com/support/security/bulletins/apsb12-03.html"
},
{
"title": "APSB12-03",
"trust": 0.8,
"url": "http://www.adobe.com/jp/support/security/bulletins/apsb12-03.html"
},
{
"title": "APSB12-03 (cpsid_93112)",
"trust": 0.8,
"url": "http://kb2.adobe.com/jp/cps/931/cpsid_93112.html"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20120217f.html"
},
{
"title": "Adobe Flash Player Repair measures for memory corruption vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=223264"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001498"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-319"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54032"
},
{
"db": "NVD",
"id": "CVE-2012-0751"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.adobe.com/support/security/bulletins/apsb12-03.html"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14985"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48265"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0751"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2012/at120006.txt"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0751"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/#topics"
},
{
"trust": 0.3,
"url": "http://www.adobe.com"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48265/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48265/#comments"
},
{
"trust": 0.1,
"url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48265"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48033/"
},
{
"trust": 0.1,
"url": "http://www.rsaconference.com/events/2012/usa/index.htm"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48033"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48033/#comments"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54032"
},
{
"db": "BID",
"id": "52037"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001498"
},
{
"db": "PACKETSTORM",
"id": "110463"
},
{
"db": "PACKETSTORM",
"id": "109859"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-319"
},
{
"db": "NVD",
"id": "CVE-2012-0751"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54032"
},
{
"db": "BID",
"id": "52037"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001498"
},
{
"db": "PACKETSTORM",
"id": "110463"
},
{
"db": "PACKETSTORM",
"id": "109859"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-319"
},
{
"db": "NVD",
"id": "CVE-2012-0751"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-54032"
},
{
"date": "2012-02-15T00:00:00",
"db": "BID",
"id": "52037"
},
{
"date": "2012-02-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001498"
},
{
"date": "2012-03-06T03:53:43",
"db": "PACKETSTORM",
"id": "110463"
},
{
"date": "2012-02-16T07:06:32",
"db": "PACKETSTORM",
"id": "109859"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-319"
},
{
"date": "2012-02-16T19:55:00.990000",
"db": "NVD",
"id": "CVE-2012-0751"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-54032"
},
{
"date": "2013-06-20T09:39:00",
"db": "BID",
"id": "52037"
},
{
"date": "2012-02-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001498"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-319"
},
{
"date": "2024-11-21T01:35:39.330000",
"db": "NVD",
"id": "CVE-2012-0751"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-319"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player of ActiveX Vulnerability in arbitrary code execution in control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001498"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-319"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.