ID CVE-2011-3044 Type cve Reporter NVD Modified 2018-01-12T21:29:08
Description
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.
{"openvas": [{"lastseen": "2017-07-02T21:10:49", "references": [], "pluginID": "71161", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-03-12T00:00:00", "title": "FreeBSD Ports: chromium", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2017-04-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71161", "id": "OPENVAS:71161", "sourceData": "#\n#VID 99aef698-66ed-11e1-8288-00262d5ed8ee\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 99aef698-66ed-11e1-8288-00262d5ed8ee\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: chromium\n\nCVE-2011-3031\nUse-after-free vulnerability in the element wrapper in Google V8, as\nused in Google Chrome before 17.0.963.65, allows remote attackers to\ncause a denial of service or possibly have unspecified other impact\nvia unknown vectors.\n\nCVE-2011-3032\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors related to the handling of SVG\nvalues.\n\nCVE-2011-3033\nBuffer overflow in Skia, as used in Google Chrome before 17.0.963.65,\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors.\n\nCVE-2011-3034\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors involving an SVG document.\n\nCVE-2011-3035\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors involving SVG use elements.\n\nCVE-2011-3036\nGoogle Chrome before 17.0.963.65 does not properly perform a cast of\nan unspecified variable during handling of line boxes, which allows\nremote attackers to cause a denial of service or possibly have unknown\nother impact via a crafted document.\n\nCVE-2011-3037\nGoogle Chrome before 17.0.963.65 does not properly perform casts of\nunspecified variables during the splitting of anonymous blocks, which\nallows remote attackers to cause a denial of service or possibly have\nunknown other impact via a crafted document.\n\nCVE-2011-3038\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors related to multi-column handling.\n\nCVE-2011-3039\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors related to quote handling.\n\nCVE-2011-3040\nGoogle Chrome before 17.0.963.65 does not properly handle text, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread) via a crafted document.\n\nCVE-2011-3041\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors related to the handling of class\nattributes.\n\nCVE-2011-3042\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors related to the handling of table\nsections.\n\nCVE-2011-3043\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors involving a flexbox (aka flexible\nbox) in conjunction with the floating of elements.\n\nCVE-2011-3044\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors involving SVG animation elements.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://googlechromereleases.blogspot.com/search/label/Stable%20updates\nhttp://www.vuxml.org/freebsd/99aef698-66ed-11e1-8288-00262d5ed8ee.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71161);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\", \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\", \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\", \"CVE-2011-3043\", \"CVE-2011-3044\");\n script_version(\"$Revision: 6018 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-24 11:02:24 +0200 (Mon, 24 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:07 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"FreeBSD Ports: chromium\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"chromium\");\nif(!isnull(bver) && revcomp(a:bver, b:\"17.0.963.65\")<0) {\n txt += \"Package chromium version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:44:03", "references": ["http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html", "http://securitytracker.com/id/1026759", "http://secunia.com/advisories/48265", "http://www.google.com/chrome"], "pluginID": "1361412562310802809", "description": "The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.", "edition": 8, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-03-08T00:00:00", "title": "Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Mac OS X)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310802809", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802809", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_dos_vuln_mar12_macosx.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802809\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\",\n \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\",\n \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\",\n \"CVE-2011-3043\", \"CVE-2011-3044\");\n script_bugtraq_id(52271);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-08 16:21:09 +0530 (Thu, 08 Mar 2012)\");\n script_name(\"Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48265\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026759\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code or\n cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 17.0.963.65 on Mac OS X\");\n script_tag(name:\"insight\", value:\"For more information on the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 17.0.963.65 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.65\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:40", "references": ["http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html", "http://securitytracker.com/id/1026759", "http://secunia.com/advisories/48265"], "pluginID": "802807", "description": "The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.", "edition": 1, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-03-08T00:00:00", "title": "Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2017-04-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802807", "id": "OPENVAS:802807", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_dos_vuln_mar12_win.nasl 6022 2017-04-25 12:51:04Z teissa $\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code or\n cause a denial of service.\n Impact Level: Application\";\ntag_affected = \"Google Chrome version prior to 17.0.963.65 on Windows\";\ntag_insight = \"For more information on the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to the Google Chrome 17.0.963.65 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.\";\n\nif(description)\n{\n script_id(802807);\n script_version(\"$Revision: 6022 $\");\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\",\n \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\",\n \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\",\n \"CVE-2011-3043\", \"CVE-2011-3044\");\n script_bugtraq_id(52271);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-25 14:51:04 +0200 (Tue, 25 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-08 15:19:55 +0530 (Thu, 08 Mar 2012)\");\n script_name(\"Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48265\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026759\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_require_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = NULL;\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Versions prior to 17.0.963.65\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.65\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-08T12:45:04", "references": ["http://www.vuxml.org/freebsd/99aef698-66ed-11e1-8288-00262d5ed8ee.html", "http://googlechromereleases.blogspot.com/search/label/Stable%20updates"], "pluginID": "136141256231071161", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "edition": 5, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-03-12T00:00:00", "title": "FreeBSD Ports: chromium", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231071161", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071161", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_chromium6.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 99aef698-66ed-11e1-8288-00262d5ed8ee\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71161\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\", \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\", \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\", \"CVE-2011-3043\", \"CVE-2011-3044\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:07 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"FreeBSD Ports: chromium\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: chromium\n\nCVE-2011-3031\nUse-after-free vulnerability in the element wrapper in Google V8, as\nused in Google Chrome before 17.0.963.65, allows remote attackers to\ncause a denial of service or possibly have unspecified other impact\nvia unknown vectors.\n\nCVE-2011-3032\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors related to the handling of SVG\nvalues.\n\nCVE-2011-3033\nBuffer overflow in Skia, as used in Google Chrome before 17.0.963.65,\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors.\n\nCVE-2011-3034\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors involving an SVG document.\n\nCVE-2011-3035\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors involving SVG use elements.\n\nCVE-2011-3036\nGoogle Chrome before 17.0.963.65 does not properly perform a cast of\nan unspecified variable during handling of line boxes, which allows\nremote attackers to cause a denial of service or possibly have unknown\nother impact via a crafted document.\n\nCVE-2011-3037\nGoogle Chrome before 17.0.963.65 does not properly perform casts of\nunspecified variables during the splitting of anonymous blocks, which\nallows remote attackers to cause a denial of service or possibly have\nunknown other impact via a crafted document.\n\nCVE-2011-3038\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors related to multi-column handling.\n\nCVE-2011-3039\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors related to quote handling.\n\nCVE-2011-3040\nGoogle Chrome before 17.0.963.65 does not properly handle text, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread) via a crafted document.\n\nCVE-2011-3041\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors related to the handling of class\nattributes.\n\nCVE-2011-3042\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors related to the handling of table\nsections.\n\nCVE-2011-3043\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors involving a flexbox (aka flexible\nbox) in conjunction with the floating of elements.\n\nCVE-2011-3044\nUse-after-free vulnerability in Google Chrome before 17.0.963.65\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors involving SVG animation elements.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/search/label/Stable%20updates\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/99aef698-66ed-11e1-8288-00262d5ed8ee.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"chromium\");\nif(!isnull(bver) && revcomp(a:bver, b:\"17.0.963.65\")<0) {\n txt += \"Package chromium version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:43:57", "references": ["http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html", "http://securitytracker.com/id/1026759", "http://secunia.com/advisories/48265", "http://www.google.com/chrome"], "pluginID": "1361412562310802808", "description": "The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.", "edition": 8, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-03-08T00:00:00", "title": "Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310802808", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802808", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_dos_vuln_mar12_lin.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Linux)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802808\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\",\n \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\",\n \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\",\n \"CVE-2011-3043\", \"CVE-2011-3044\");\n script_bugtraq_id(52271);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-08 15:50:55 +0530 (Thu, 08 Mar 2012)\");\n script_name(\"Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48265\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026759\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code or\n cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 17.0.963.65 on Linux.\");\n script_tag(name:\"insight\", value:\"For more information on the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 17.0.963.65 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.65\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-12T12:50:33", "references": ["2012:0374_1"], "pluginID": "1361412562310850231", "description": "Check for the Version of update", "edition": 4, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-12-13T00:00:00", "title": "SuSE Update for update openSUSE-SU-2012:0374-1 (update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3046", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3047", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2018-11-09T00:00:00", "id": "OPENVAS:1361412562310850231", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850231", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0374_1.nasl 12294 2018-11-09 15:31:55Z cfischer $\n#\n# SuSE Update for update openSUSE-SU-2012:0374-1 (update)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850231\");\n script_version(\"$Revision: 12294 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-09 16:31:55 +0100 (Fri, 09 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:25 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\",\n \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\",\n \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\",\n \"CVE-2011-3043\", \"CVE-2011-3044\", \"CVE-2011-3046\", \"CVE-2011-3047\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0374_1\");\n script_name(\"SuSE Update for update openSUSE-SU-2012:0374-1 (update)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of update\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.1\");\n script_tag(name:\"affected\", value:\"update on openSUSE 12.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Changes in chromium:\n\n - Update to 19.0.1066\n\n * Fixed Chrome install/update resets Google search\n preferences (Issue: 105390)\n\n * Don't trigger accelerated compositing on 3D CSS when\n using swiftshader (Issue: 116401)\n\n * Fixed a GPU crash (Issue: 116096)\n\n * More fixes for Back button frequently hangs (Issue:\n 93427)\n\n * Bastion now works (Issue: 116285)\n\n * Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n\n * Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n\n * Fixed Google Feedback causes render process to use too\n much memory (Issue: 114489)\n\n * Fixed after upgrade, some pages are rendered as blank\n (Issue: 109888)\n\n * Fixed Pasting text into a single-line text field\n shouldn't keep literal newlines (Issue: 106551)\n\n - Security Fixes:\n\n * Critical CVE-2011-3047: Errant plug-in load and GPU\n process memory corruption\n\n * Critical CVE-2011-3046: UXSS and bad history navigation.\n\n - Update to 19.0.1060\n\n * Fixed NTP signed in state is missing (Issue: 112676)\n\n * Fixed gmail seems to redraw itself (all white)\n occasionally (Issue: 111263)\n\n * Focus "OK" button on Javascript dialogs (Issue: 111015)\n\n * Fixed Back button frequently hangs (Issue: 93427)\n\n * Increase the buffer size to fix muted playback rate\n (Issue: 108239)\n\n * Fixed Empty span with line-height renders with non-zero\n height (Issue: 109811)\n\n * Marked the Certum Trusted Network CA as an issuer of\n extended-validation (EV) certificates.\n\n * Fixed importing of bookmarks, history, etc. from\n Firefox 10+.\n\n * Fixed issues - 114001, 110785, 114168, 114598, 111663,\n 113636, 112676\n\n * Fixed several crashes (Issues: 111376, 108688, 114391)\n\n * Fixed Firefox browser in Import Bookmarks and Settings\n drop-down (Issue: 114476)\n\n * Sync: Sessions aren't associating pre-existing tabs\n (Issue: 113319)\n\n * Fixed All "Extensions" make an entry under the "NTP\n Apps" page (Issue: 113672)\n\n - Security Fixes (bnc#750407):\n\n * High CVE-2011-3031: Use-after-free in v8 element\n wrapper.\n\n * High CVE-2011-3032: Use-after-free in SVG value\n handling.\n\n * High CVE-2011-3033: Buffer overflow in the Skia\n drawing library.\n\n * High CVE-2011-3034: Use-after-free in SVG document\n handling.\n\n * High CVE-2011-3035: Use-after-free in SVG use handling.\n\n * High CVE-2011-3036: Bad cast in line box handling.\n\n * High CVE-2011-3037: Bad casts in anonymous block\n splitting.\n\n * High CVE-2011-3038: Use-after-free in multi-column\n handling.\n\n * High CVE-2011-3039: Use-after-free in quote handling.\n\n * High CVE-2011-3040: ...\n\n Description truncated, for more information please check the Reference URL\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libv8-3\", rpm:\"libv8-3~3.9.13.0~1.15.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libv8-3-debuginfo\", rpm:\"libv8-3-debuginfo~3.9.13.0~1.15.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"v8-debugsource\", rpm:\"v8-debugsource~3.9.13.0~1.15.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"v8-devel\", rpm:\"v8-devel~3.9.13.0~1.15.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"v8-private-headers-devel\", rpm:\"v8-private-headers-devel~3.9.13.0~1.15.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-19T10:50:13", "references": ["http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html", "http://securitytracker.com/id/1026759", "http://secunia.com/advisories/48265"], "pluginID": "802808", "description": "The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.", "edition": 2, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-03-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Linux)", "type": "openvas", "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2017-07-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802808", "id": "OPENVAS:802808", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_dos_vuln_mar12_lin.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Linux)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code or\n cause a denial of service.\n Impact Level: Application\";\ntag_affected = \"Google Chrome version prior to 17.0.963.65 on Linux.\";\ntag_insight = \"For more information on the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to the Google Chrome 17.0.963.65 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.\";\n\nif(description)\n{\n script_id(802808);\n script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\",\n \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\",\n \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\",\n \"CVE-2011-3043\", \"CVE-2011-3044\");\n script_bugtraq_id(52271);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-08 15:50:55 +0530 (Thu, 08 Mar 2012)\");\n script_name(\"Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48265\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026759\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = NULL;\n\n## Get the version from KB\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Versions prior to 17.0.963.65\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.65\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:23", "references": ["2012:0374_1"], "pluginID": "850231", "description": "Check for the Version of update", "edition": 4, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-12-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "SuSE Update for update openSUSE-SU-2012:0374-1 (update)", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3046", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3047", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2018-01-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850231", "id": "OPENVAS:850231", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0374_1.nasl 8265 2018-01-01 06:29:23Z teissa $\n#\n# SuSE Update for update openSUSE-SU-2012:0374-1 (update)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Changes in chromium:\n - Update to 19.0.1066\n * Fixed Chrome install/update resets Google search\n preferences (Issue: 105390)\n * Don't trigger accelerated compositing on 3D CSS when\n using swiftshader (Issue: 116401)\n * Fixed a GPU crash (Issue: 116096)\n * More fixes for Back button frequently hangs (Issue:\n 93427)\n * Bastion now works (Issue: 116285)\n * Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n * Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n * Fixed Google Feedback causes render process to use too\n much memory (Issue: 114489)\n * Fixed after upgrade, some pages are rendered as blank\n (Issue: 109888)\n * Fixed Pasting text into a single-line text field\n shouldn't keep literal newlines (Issue: 106551)\n - Security Fixes:\n * Critical CVE-2011-3047: Errant plug-in load and GPU\n process memory corruption\n * Critical CVE-2011-3046: UXSS and bad history navigation.\n\n - Update to 19.0.1060\n * Fixed NTP signed in state is missing (Issue: 112676)\n * Fixed gmail seems to redraw itself (all white)\n occasionally (Issue: 111263)\n * Focus "OK" button on Javascript dialogs (Issue: 111015)\n * Fixed Back button frequently hangs (Issue: 93427)\n * Increase the buffer size to fix muted playback rate\n (Issue: 108239)\n * Fixed Empty span with line-height renders with non-zero\n height (Issue: 109811)\n * Marked the Certum Trusted Network CA as an issuer of\n extended-validation (EV) certificates.\n * Fixed importing of bookmarks, history, etc. from\n Firefox 10+.\n * Fixed issues - 114001, 110785, 114168, 114598, 111663,\n 113636, 112676\n * Fixed several crashes (Issues: 111376, 108688, 114391)\n * Fixed Firefox browser in Import Bookmarks and Settings\n drop-down (Issue: 114476)\n * Sync: Sessions aren't associating pre-existing tabs\n (Issue: 113319)\n * Fixed All "Extensions" make an entry under the "NTP\n Apps" page (Issue: 113672)\n - Security Fixes (bnc#750407):\n * High CVE-2011-3031: Use-after-free in v8 element\n wrapper.\n * High CVE-2011-3032: Use-after-free in SVG value\n handling.\n * High CVE-2011-3033: Buffer overflow in the Skia\n drawing library.\n * High CVE-2011-3034: Use-after-free in SVG document\n handling.\n * High CVE-2011-3035: Use-after-free in SVG use handling.\n * High CVE-2011-3036: Bad cast in line box handling.\n * High CVE-2011-3037: Bad casts in anonymous block\n splitting.\n * High CVE-2011-3038: Use-after-free in multi-column\n handling.\n * High CVE-2011-3039: Use-after-free in quote handling.\n * High CVE-2011-3040: ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"update on openSUSE 12.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850231);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:25 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\",\n \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\",\n \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\",\n \"CVE-2011-3043\", \"CVE-2011-3044\", \"CVE-2011-3046\", \"CVE-2011-3047\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0374_1\");\n script_name(\"SuSE Update for update openSUSE-SU-2012:0374-1 (update)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of update\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~19.0.1066.0~1.11.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libv8-3\", rpm:\"libv8-3~3.9.13.0~1.15.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libv8-3-debuginfo\", rpm:\"libv8-3-debuginfo~3.9.13.0~1.15.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"v8-debugsource\", rpm:\"v8-debugsource~3.9.13.0~1.15.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"v8-devel\", rpm:\"v8-devel~3.9.13.0~1.15.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"v8-private-headers-devel\", rpm:\"v8-private-headers-devel~3.9.13.0~1.15.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:42:29", "references": ["http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html", "http://securitytracker.com/id/1026759", "http://secunia.com/advisories/48265", "http://www.google.com/chrome"], "pluginID": "1361412562310802807", "description": "The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.", "edition": 10, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-03-08T00:00:00", "title": "Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310802807", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802807", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_dos_vuln_mar12_win.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802807\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\",\n \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\",\n \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\",\n \"CVE-2011-3043\", \"CVE-2011-3044\");\n script_bugtraq_id(52271);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-08 15:19:55 +0530 (Thu, 08 Mar 2012)\");\n script_name(\"Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48265\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026759\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code or\n cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 17.0.963.65 on Windows\");\n script_tag(name:\"insight\", value:\"For more information on the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 17.0.963.65 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.65\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-19T10:50:10", "references": ["http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html", "http://securitytracker.com/id/1026759", "http://secunia.com/advisories/48265"], "pluginID": "802809", "description": "The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.", "edition": 2, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-03-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Mac OS X)", "type": "openvas", "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2017-07-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802809", "id": "OPENVAS:802809", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_dos_vuln_mar12_macosx.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code or\n cause a denial of service.\n Impact Level: Application\";\ntag_affected = \"Google Chrome version prior to 17.0.963.65 on Mac OS X\";\ntag_insight = \"For more information on the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to the Google Chrome 17.0.963.65 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is installed with Google Chrome and is prone to multiple\n denial of service vulnerabilities.\";\n\nif(description)\n{\n script_id(802809);\n script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\",\n \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\",\n \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\",\n \"CVE-2011-3043\", \"CVE-2011-3044\");\n script_bugtraq_id(52271);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-08 16:21:09 +0530 (Thu, 08 Mar 2012)\");\n script_name(\"Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48265\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026759\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = NULL;\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Versions prior to 17.0.963.65\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.65\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-02T00:04:12", "references": ["http://www.nessus.org/u?5585386e", "http://www.nessus.org/u?29fa020e"], "pluginID": "58210", "description": "Google Chrome Releases reports :\n\n[105867] High CVE-2011-3031: Use-after-free in v8 element wrapper.\nCredit to Chamal de Silva.\n\n[108037] High CVE-2011-3032: Use-after-free in SVG value handling.\nCredit to Arthur Gerkis.\n\n[108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG.\n\n[111748] High CVE-2011-3034: Use-after-free in SVG document handling.\nCredit to Arthur Gerkis.\n\n[112212] High CVE-2011-3035: Use-after-free in SVG use handling.\nCredit to Arthur Gerkis.\n\n[113258] High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz.\n\n[113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz.\n\n[113497] High CVE-2011-3038: Use-after-free in multi-column handling.\nCredit to miaubiz.\n\n[113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz.\n\n[114054] High CVE-2011-3040: Out-of-bounds read in text handling.\nCredit to miaubiz.\n\n[114068] High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz.\n\n[114219] High CVE-2011-3042: Use-after-free in table section handling.\nCredit to miaubiz.\n\n[115681] High CVE-2011-3043: Use-after-free in flexbox with floats.\nCredit to miaubiz.\n\n[116093] High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis.", "edition": 4, "reporter": "Tenable", "published": "2012-03-06T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (99aef698-66ed-11e1-8288-00262d5ed8ee)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2013-06-22T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_99AEF69866ED11E1828800262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58210", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58210);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/06/22 00:02:03 $\");\n\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\", \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\", \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\", \"CVE-2011-3043\", \"CVE-2011-3044\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (99aef698-66ed-11e1-8288-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n[105867] High CVE-2011-3031: Use-after-free in v8 element wrapper.\nCredit to Chamal de Silva.\n\n[108037] High CVE-2011-3032: Use-after-free in SVG value handling.\nCredit to Arthur Gerkis.\n\n[108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia\ndrawing library. Credit to Aki Helin of OUSPG.\n\n[111748] High CVE-2011-3034: Use-after-free in SVG document handling.\nCredit to Arthur Gerkis.\n\n[112212] High CVE-2011-3035: Use-after-free in SVG use handling.\nCredit to Arthur Gerkis.\n\n[113258] High CVE-2011-3036: Bad cast in line box handling. Credit to\nmiaubiz.\n\n[113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous\nblock splitting. Credit to miaubiz.\n\n[113497] High CVE-2011-3038: Use-after-free in multi-column handling.\nCredit to miaubiz.\n\n[113707] High CVE-2011-3039: Use-after-free in quote handling. Credit\nto miaubiz.\n\n[114054] High CVE-2011-3040: Out-of-bounds read in text handling.\nCredit to miaubiz.\n\n[114068] High CVE-2011-3041: Use-after-free in class attribute\nhandling. Credit to miaubiz.\n\n[114219] High CVE-2011-3042: Use-after-free in table section handling.\nCredit to miaubiz.\n\n[115681] High CVE-2011-3043: Use-after-free in flexbox with floats.\nCredit to miaubiz.\n\n[116093] High CVE-2011-3044: Use-after-free with SVG animation\nelements. Credit to Arthur Gerkis.\"\n );\n # http://googlechromereleases.blogspot.com/search/label/Stable%20updates\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29fa020e\"\n );\n # http://www.freebsd.org/ports/portaudit/99aef698-66ed-11e1-8288-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5585386e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<17.0.963.65\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:07:29", "references": ["http://www.nessus.org/u?e979fa5d"], "pluginID": "58206", "description": "The version of Google Chrome installed on the remote host is earlier than 17.0.963.65 and is, therefore, affected by the following vulnerabilities:\n\n - Use-after-free errors exist related to 'v8 element wrapper', SVG value handling, SVG document handling, SVG use handling, multi-column handling, quote handling, class attribute handling, table section handling, flexbox with floats and SVG animation elements. (CVE-2011-3031, CVE-2011-3032, CVE-2011-3034, CVE-2011-3035, CVE-2011-3038, CVE-2011-3039, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044)\n\n - An error exists in the 'Skia' drawing library that can allow buffer overflows. (CVE-2011-3033)\n\n - Casting errors exist related to line box handling and anonymous block splitting. (CVE-2011-3036, CVE-2011-3037)\n\n - An out-of-bounds read error exists related to text handling. (CVE-2011-3040)", "edition": 5, "reporter": "Tenable", "published": "2012-03-05T00:00:00", "title": "Google Chrome < 17.0.963.65 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_17_0_963_65.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58206", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58206);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\n \"CVE-2011-3031\",\n \"CVE-2011-3032\",\n \"CVE-2011-3033\",\n \"CVE-2011-3034\",\n \"CVE-2011-3035\",\n \"CVE-2011-3036\",\n \"CVE-2011-3037\",\n \"CVE-2011-3038\",\n \"CVE-2011-3039\",\n \"CVE-2011-3040\",\n \"CVE-2011-3041\",\n \"CVE-2011-3042\",\n \"CVE-2011-3043\",\n \"CVE-2011-3044\"\n );\n script_bugtraq_id(52271);\n\n script_name(english:\"Google Chrome < 17.0.963.65 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is earlier\nthan 17.0.963.65 and is, therefore, affected by the following\nvulnerabilities:\n\n - Use-after-free errors exist related to 'v8 element\n wrapper', SVG value handling, SVG document handling,\n SVG use handling, multi-column handling, quote\n handling, class attribute handling, table section\n handling, flexbox with floats and SVG animation\n elements. (CVE-2011-3031, CVE-2011-3032, CVE-2011-3034,\n CVE-2011-3035, CVE-2011-3038, CVE-2011-3039,\n CVE-2011-3041, CVE-2011-3042, CVE-2011-3043,\n CVE-2011-3044)\n\n - An error exists in the 'Skia' drawing library that can\n allow buffer overflows. (CVE-2011-3033)\n\n - Casting errors exist related to line box handling and\n anonymous block splitting. (CVE-2011-3036,\n CVE-2011-3037)\n\n - An out-of-bounds read error exists related to text\n handling. (CVE-2011-3040)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e979fa5d\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 17.0.963.65 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'17.0.963.65', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:27", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=751466", "https://bugzilla.novell.com/show_bug.cgi?id=751738", "https://bugzilla.novell.com/show_bug.cgi?id=750407", "http://lists.opensuse.org/opensuse-updates/2012-03/msg00029.html"], "pluginID": "74570", "description": "Changes in chromium :\n\n - Update to 19.0.1066\n\n - Fixed Chrome install/update resets Google search preferences (Issue: 105390)\n\n - Don't trigger accelerated compositing on 3D CSS when using swiftshader (Issue: 116401)\n\n - Fixed a GPU crash (Issue: 116096)\n\n - More fixes for Back button frequently hangs (Issue:\n 93427)\n\n - Bastion now works (Issue: 116285)\n\n - Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943)\n\n - Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943)\n\n - Fixed Google Feedback causes render process to use too much memory (Issue: 114489)\n\n - Fixed after upgrade, some pages are rendered as blank (Issue: 109888)\n\n - Fixed Pasting text into a single-line text field shouldn't keep literal newlines (Issue: 106551)\n\n - Security Fixes :\n\n - Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption\n\n - Critical CVE-2011-3046: UXSS and bad history navigation.\n\n - Update to 19.0.1060\n\n - Fixed NTP signed in state is missing (Issue: 112676)\n\n - Fixed gmail seems to redraw itself (all white) occasionally (Issue: 111263)\n\n - Focus 'OK' button on JavaScript dialogs (Issue: 111015)\n\n - Fixed Back button frequently hangs (Issue: 93427)\n\n - Increase the buffer size to fix muted playback rate (Issue: 108239)\n\n - Fixed Empty span with line-height renders with non-zero height (Issue: 109811)\n\n - Marked the Certum Trusted Network CA as an issuer of extended-validation (EV) certificates.\n\n - Fixed importing of bookmarks, history, etc. from Firefox 10+.\n\n - Fixed issues - 114001, 110785, 114168, 114598, 111663, 113636, 112676\n\n - Fixed several crashes (Issues: 111376, 108688, 114391)\n\n - Fixed Firefox browser in Import Bookmarks and Settings drop-down (Issue: 114476)\n\n - Sync: Sessions aren't associating pre-existing tabs (Issue: 113319)\n\n - Fixed All 'Extensions' make an entry under the 'NTP Apps' page (Issue: 113672)\n\n - Security Fixes (bnc#750407) :\n\n - High CVE-2011-3031: Use-after-free in v8 element wrapper.\n\n - High CVE-2011-3032: Use-after-free in SVG value handling.\n\n - High CVE-2011-3033: Buffer overflow in the Skia drawing library.\n\n - High CVE-2011-3034: Use-after-free in SVG document handling.\n\n - High CVE-2011-3035: Use-after-free in SVG use handling.\n\n - High CVE-2011-3036: Bad cast in line box handling.\n\n - High CVE-2011-3037: Bad casts in anonymous block splitting.\n\n - High CVE-2011-3038: Use-after-free in multi-column handling.\n\n - High CVE-2011-3039: Use-after-free in quote handling.\n\n - High CVE-2011-3040: Out-of-bounds read in text handling.\n\n - High CVE-2011-3041: Use-after-free in class attribute handling.\n\n - High CVE-2011-3042: Use-after-free in table section handling.\n\n - High CVE-2011-3043: Use-after-free in flexbox with floats.\n\n - High CVE-2011-3044: Use-after-free with SVG animation elements.\n\nChanges in v8 :\n\n - Update to 3.9.13.0\n\n - Add code kind check before preparing for OSR. (issue 1900, 115073)\n\n - Pass zone explicitly to zone-allocation on x64 and ARM.\n (issue 1802)\n\n - Port string construct stub to x64. (issue 849)\n\n - Performance and stability improvements on all platforms.", "edition": 4, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0374-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3046", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3047", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libv8-3", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:v8-devel", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:v8-private-headers-devel", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:libv8-3-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper", "p-cpe:/a:novell:opensuse:v8-debugsource", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2012-165.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74570", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-165.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74570);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:53:55 $\");\n\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\", \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\", \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\", \"CVE-2011-3043\", \"CVE-2011-3044\", \"CVE-2011-3046\", \"CVE-2011-3047\");\n\n script_name(english:\"openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0374-1)\");\n script_summary(english:\"Check for the openSUSE-2012-165 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in chromium :\n\n - Update to 19.0.1066\n\n - Fixed Chrome install/update resets Google search\n preferences (Issue: 105390)\n\n - Don't trigger accelerated compositing on 3D CSS when\n using swiftshader (Issue: 116401)\n\n - Fixed a GPU crash (Issue: 116096)\n\n - More fixes for Back button frequently hangs (Issue:\n 93427)\n\n - Bastion now works (Issue: 116285)\n\n - Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n\n - Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n\n - Fixed Google Feedback causes render process to use too\n much memory (Issue: 114489)\n\n - Fixed after upgrade, some pages are rendered as blank\n (Issue: 109888)\n\n - Fixed Pasting text into a single-line text field\n shouldn't keep literal newlines (Issue: 106551)\n\n - Security Fixes :\n\n - Critical CVE-2011-3047: Errant plug-in load and GPU\n process memory corruption\n\n - Critical CVE-2011-3046: UXSS and bad history navigation.\n\n - Update to 19.0.1060\n\n - Fixed NTP signed in state is missing (Issue: 112676)\n\n - Fixed gmail seems to redraw itself (all white)\n occasionally (Issue: 111263)\n\n - Focus 'OK' button on JavaScript dialogs (Issue: 111015)\n\n - Fixed Back button frequently hangs (Issue: 93427)\n\n - Increase the buffer size to fix muted playback rate\n (Issue: 108239)\n\n - Fixed Empty span with line-height renders with non-zero\n height (Issue: 109811)\n\n - Marked the Certum Trusted Network CA as an issuer of\n extended-validation (EV) certificates.\n\n - Fixed importing of bookmarks, history, etc. from Firefox\n 10+.\n\n - Fixed issues - 114001, 110785, 114168, 114598, 111663,\n 113636, 112676\n\n - Fixed several crashes (Issues: 111376, 108688, 114391)\n\n - Fixed Firefox browser in Import Bookmarks and Settings\n drop-down (Issue: 114476)\n\n - Sync: Sessions aren't associating pre-existing tabs\n (Issue: 113319)\n\n - Fixed All 'Extensions' make an entry under the 'NTP\n Apps' page (Issue: 113672)\n\n - Security Fixes (bnc#750407) :\n\n - High CVE-2011-3031: Use-after-free in v8 element\n wrapper.\n\n - High CVE-2011-3032: Use-after-free in SVG value\n handling.\n\n - High CVE-2011-3033: Buffer overflow in the Skia drawing\n library.\n\n - High CVE-2011-3034: Use-after-free in SVG document\n handling.\n\n - High CVE-2011-3035: Use-after-free in SVG use handling.\n\n - High CVE-2011-3036: Bad cast in line box handling.\n\n - High CVE-2011-3037: Bad casts in anonymous block\n splitting.\n\n - High CVE-2011-3038: Use-after-free in multi-column\n handling.\n\n - High CVE-2011-3039: Use-after-free in quote handling.\n\n - High CVE-2011-3040: Out-of-bounds read in text handling.\n\n - High CVE-2011-3041: Use-after-free in class attribute\n handling.\n\n - High CVE-2011-3042: Use-after-free in table section\n handling.\n\n - High CVE-2011-3043: Use-after-free in flexbox with\n floats.\n\n - High CVE-2011-3044: Use-after-free with SVG animation\n elements.\n\nChanges in v8 :\n\n - Update to 3.9.13.0\n\n - Add code kind check before preparing for OSR. (issue\n 1900, 115073)\n\n - Pass zone explicitly to zone-allocation on x64 and ARM.\n (issue 1802)\n\n - Port string construct stub to x64. (issue 849)\n\n - Performance and stability improvements on all platforms.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2012-03/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=751466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=751738\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium / v8 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libv8-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libv8-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v8-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v8-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-debuginfo-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-debugsource-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-desktop-gnome-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-desktop-kde-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-suid-helper-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-suid-helper-debuginfo-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libv8-3-3.9.13.0-1.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libv8-3-debuginfo-3.9.13.0-1.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"v8-debugsource-3.9.13.0-1.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"v8-devel-3.9.13.0-1.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"v8-private-headers-devel-3.9.13.0-1.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium / chromium-debuginfo / chromium-debugsource / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:38:43", "references": ["http://www.nessus.org/u?8e2fd3b4", "http://www.nessus.org/u?d4e415e6", "https://security.gentoo.org/glsa/201203-19", "http://www.nessus.org/u?8a2c4f1c", "http://www.nessus.org/u?4692eb85"], "pluginID": "59611", "description": "The remote host is affected by the vulnerability described in GLSA-201203-19 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, Universal Cross-Site Scripting, or installation of an extension without user interaction.\n A remote attacker could also entice a user to install a specially crafted extension that would interfere with browser-issued web requests.\n Workaround :\n\n There is no known workaround at this time.", "edition": 6, "reporter": "Tenable", "published": "2012-06-21T00:00:00", "title": "GLSA-201203-19 : Chromium: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3054", "CVE-2011-3055", "CVE-2011-3046", "CVE-2011-3033", "CVE-2011-3057", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3053", "CVE-2011-3049", "CVE-2011-3036", "CVE-2011-3050", "CVE-2011-3052", "CVE-2011-3047", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3056", "CVE-2011-3042", "CVE-2011-3051", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2018-07-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201203-19.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59611", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-19.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59611);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\", \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\", \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\", \"CVE-2011-3043\", \"CVE-2011-3044\", \"CVE-2011-3046\", \"CVE-2011-3047\", \"CVE-2011-3049\", \"CVE-2011-3050\", \"CVE-2011-3051\", \"CVE-2011-3052\", \"CVE-2011-3053\", \"CVE-2011-3054\", \"CVE-2011-3055\", \"CVE-2011-3056\", \"CVE-2011-3057\");\n script_bugtraq_id(52271, 52369, 52395, 52674);\n script_xref(name:\"GLSA\", value:\"201203-19\");\n\n script_name(english:\"GLSA-201203-19 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-19\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers and release notes referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted web\n site using Chromium, possibly resulting in the execution of arbitrary\n code with the privileges of the process, a Denial of Service condition,\n Universal Cross-Site Scripting, or installation of an extension without\n user interaction.\n A remote attacker could also entice a user to install a specially\n crafted extension that would interfere with browser-issued web requests.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e2fd3b4\"\n );\n # https://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a2c4f1c\"\n );\n # https://googlechromereleases.blogspot.com/2012/03/chrome-stable-update_10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4692eb85\"\n );\n # https://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4e415e6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/chromium-17.0.963.83'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 17.0.963.83\"), vulnerable:make_list(\"lt 17.0.963.83\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:44:50", "references": [], "pluginID": "62707", "description": "A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2012-10-26T00:00:00", "title": "Ubuntu 12.04 LTS : webkit vulnerabilities (USN-1617-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3670", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3081", "CVE-2011-3031", "CVE-2012-3626", "CVE-2011-3059", "CVE-2012-1521", "CVE-2012-3674", "CVE-2012-3671", "CVE-2012-3625", "CVE-2012-3611", "CVE-2012-3669", "CVE-2011-3060", "CVE-2012-3652", "CVE-2012-3598", "CVE-2012-3645", "CVE-2011-3038", "CVE-2011-3053", "CVE-2012-3628", "CVE-2011-3076", "CVE-2012-3612", "CVE-2011-3086", "CVE-2012-3617", "CVE-2011-3067", "CVE-2011-3042", "CVE-2011-3090", "CVE-2011-3051", "CVE-2012-3672", "CVE-2012-3627", "CVE-2011-3064", "CVE-2012-3604", "CVE-2012-3601", "CVE-2012-3657"], "modified": "2018-08-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-3.0-0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-3.0-0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-1.0-0", "p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-1.0-0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1617-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=62707", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1617-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62707);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/08/01 17:36:14\");\n\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3038\", \"CVE-2011-3042\", \"CVE-2011-3043\", \"CVE-2011-3044\", \"CVE-2011-3051\", \"CVE-2011-3053\", \"CVE-2011-3059\", \"CVE-2011-3060\", \"CVE-2011-3064\", \"CVE-2011-3067\", \"CVE-2011-3076\", \"CVE-2011-3081\", \"CVE-2011-3086\", \"CVE-2011-3090\", \"CVE-2012-1521\", \"CVE-2012-3598\", \"CVE-2012-3601\", \"CVE-2012-3604\", \"CVE-2012-3611\", \"CVE-2012-3612\", \"CVE-2012-3617\", \"CVE-2012-3625\", \"CVE-2012-3626\", \"CVE-2012-3627\", \"CVE-2012-3628\", \"CVE-2012-3645\", \"CVE-2012-3652\", \"CVE-2012-3657\", \"CVE-2012-3669\", \"CVE-2012-3670\", \"CVE-2012-3671\", \"CVE-2012-3672\", \"CVE-2012-3674\");\n script_bugtraq_id(52271, 52674, 52762, 52913, 53309, 53540, 54680, 55534);\n script_xref(name:\"USN\", value:\"1617-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : webkit vulnerabilities (USN-1617-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A large number of security issues were discovered in the WebKit\nbrowser and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-1.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-3.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-1.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-3.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libjavascriptcoregtk-1.0-0\", pkgver:\"1.8.3-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libjavascriptcoregtk-3.0-0\", pkgver:\"1.8.3-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libwebkitgtk-1.0-0\", pkgver:\"1.8.3-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libwebkitgtk-3.0-0\", pkgver:\"1.8.3-0ubuntu0.12.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-1.0-0 / libjavascriptcoregtk-3.0-0 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:18", "references": ["http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html", "http://support.apple.com/kb/HT5400"], "pluginID": "60127", "description": "The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0. It is, therefore, potentially affected by several issues :\n\n - An unspecified cross-site scripting issue exists.\n (CVE-2012-0678)\n\n - An error in the handling of 'feed://' URLs can allow local files to be disclosed to remote servers.\n (CVE-2012-0679)\n\n - Password input elements are auto completed even when a webpage specifically forbids it. (CVE-2012-0680)\n\n - A cross-site scripting issue exists due to improper handling of the HTTP 'Content-Disposition' header value of 'attachment'. (CVE-2011-3426)\n\n - Numerous issues exist in WebKit. (CVE-2011-2845, CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3032, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3050, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3076, CVE-2011-3078, CVE-2011-3081, CVE-2011-3086, CVE-2011-3089, CVE-2011-3090, CVE-2011-3913, CVE-2011-3924, CVE-2011-3926, CVE-2011-3958, CVE-2011-3966, CVE-2011-3968, CVE-2011-3969, CVE-2011-3971, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-1521, CVE-2012-2815, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3599, CVE-2012-3600, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3615, CVE-2012-3618, CVE-2012-3620, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3650, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3674, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, CVE-2012-3683, CVE-2012-3686, CVE-2012-3689, CVE-2012-3690, CVE-2012-3691, CVE-2012-3693, CVE-2012-3694, CVE-2012-3695, CVE-2012-3696, CVE-2012-3697)", "edition": 5, "reporter": "Tenable", "published": "2012-07-26T00:00:00", "title": "Mac OS X : Apple Safari < 6.0 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3689", "CVE-2012-3667", "CVE-2012-0682", "CVE-2012-3670", "CVE-2011-3039", "CVE-2012-3609", "CVE-2011-3043", "CVE-2012-3646", "CVE-2012-3600", "CVE-2012-3610", "CVE-2012-3590", "CVE-2012-3693", "CVE-2012-2815", "CVE-2012-3639", "CVE-2011-3044", "CVE-2011-3081", "CVE-2012-3637", "CVE-2011-3068", "CVE-2012-3641", "CVE-2011-3968", "CVE-2011-2845", "CVE-2012-3626", "CVE-2012-3603", "CVE-2012-3663", "CVE-2012-3668", "CVE-2012-3678", "CVE-2012-1520", "CVE-2011-3059", "CVE-2011-3071", "CVE-2012-3635", "CVE-2012-3644", "CVE-2012-3697", "CVE-2012-1521", "CVE-2012-3674", "CVE-2012-3593", "CVE-2012-3694", "CVE-2011-3426", "CVE-2011-3075", "CVE-2012-3625", "CVE-2012-3611", "CVE-2011-3958", "CVE-2012-3596", "CVE-2012-3669", "CVE-2012-3655", "CVE-2012-3634", "CVE-2011-3969", "CVE-2012-0683", "CVE-2012-0680", "CVE-2011-3060", "CVE-2011-3971", "CVE-2012-3665", "CVE-2011-3021", "CVE-2012-3664", "CVE-2011-3069", "CVE-2012-3656", "CVE-2012-3666", "CVE-2012-3645", "CVE-2011-3074", "CVE-2012-3661", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3053", "CVE-2012-3681", "CVE-2012-3690", "CVE-2012-3642", "CVE-2012-3653", "CVE-2012-3682", "CVE-2012-3686", "CVE-2011-3036", "CVE-2011-3050", "CVE-2012-3638", "CVE-2012-3633", "CVE-2012-3618", "CVE-2012-3594", "CVE-2011-3078", "CVE-2012-3628", "CVE-2011-3926", "CVE-2011-3073", "CVE-2012-3680", "CVE-2011-3076", "CVE-2012-3696", "CVE-2012-3605", "CVE-2011-3086", "CVE-2011-3041", "CVE-2012-3589", "CVE-2011-3966", "CVE-2011-3034", "CVE-2012-3620", "CVE-2012-3679", "CVE-2011-3067", "CVE-2011-3924", "CVE-2012-3595", "CVE-2011-3042", "CVE-2011-3016", "CVE-2012-3630", "CVE-2011-3090", "CVE-2012-3683", "CVE-2012-3691", "CVE-2012-3650", "CVE-2012-3640", "CVE-2012-3636", "CVE-2012-0678", "CVE-2012-3599", "CVE-2012-3629", "CVE-2011-3032", "CVE-2012-3592", "CVE-2011-3037", "CVE-2012-3627", "CVE-2012-3615", "CVE-2012-3695", "CVE-2011-3913", "CVE-2012-3591", "CVE-2012-0679", "CVE-2012-3608", "CVE-2011-3064", "CVE-2011-3027", "CVE-2012-3604", "CVE-2011-3040", "CVE-2012-3631", "CVE-2012-3597", "CVE-2011-3089"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI6_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60127);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2011-2845\",\n \"CVE-2011-3016\",\n \"CVE-2011-3021\",\n \"CVE-2011-3027\",\n \"CVE-2011-3032\",\n \"CVE-2011-3034\",\n \"CVE-2011-3035\",\n \"CVE-2011-3036\",\n \"CVE-2011-3037\",\n \"CVE-2011-3038\",\n \"CVE-2011-3039\",\n \"CVE-2011-3040\",\n \"CVE-2011-3041\",\n \"CVE-2011-3042\",\n \"CVE-2011-3043\",\n \"CVE-2011-3044\",\n \"CVE-2011-3050\",\n \"CVE-2011-3053\",\n \"CVE-2011-3059\",\n \"CVE-2011-3060\",\n \"CVE-2011-3064\",\n \"CVE-2011-3067\",\n \"CVE-2011-3068\",\n \"CVE-2011-3069\",\n \"CVE-2011-3071\",\n \"CVE-2011-3073\",\n \"CVE-2011-3074\",\n \"CVE-2011-3075\",\n \"CVE-2011-3076\",\n \"CVE-2011-3078\",\n \"CVE-2011-3081\",\n \"CVE-2011-3086\",\n \"CVE-2011-3089\",\n \"CVE-2011-3090\",\n \"CVE-2011-3426\",\n \"CVE-2011-3913\",\n \"CVE-2011-3924\",\n \"CVE-2011-3926\",\n \"CVE-2011-3958\",\n \"CVE-2011-3966\",\n \"CVE-2011-3968\",\n \"CVE-2011-3969\",\n \"CVE-2011-3971\",\n \"CVE-2012-0678\",\n \"CVE-2012-0679\",\n \"CVE-2012-0680\",\n \"CVE-2012-0682\",\n \"CVE-2012-0683\",\n \"CVE-2012-1520\",\n \"CVE-2012-1521\",\n \"CVE-2012-2815\",\n \"CVE-2012-3589\",\n \"CVE-2012-3590\",\n \"CVE-2012-3591\",\n \"CVE-2012-3592\",\n \"CVE-2012-3593\",\n \"CVE-2012-3594\",\n \"CVE-2012-3595\",\n \"CVE-2012-3596\",\n \"CVE-2012-3597\",\n \"CVE-2012-3599\",\n \"CVE-2012-3600\",\n \"CVE-2012-3603\",\n \"CVE-2012-3604\",\n \"CVE-2012-3605\",\n \"CVE-2012-3608\",\n \"CVE-2012-3609\",\n \"CVE-2012-3610\",\n \"CVE-2012-3611\",\n \"CVE-2012-3615\",\n \"CVE-2012-3618\",\n \"CVE-2012-3620\",\n \"CVE-2012-3625\",\n \"CVE-2012-3626\",\n \"CVE-2012-3627\",\n \"CVE-2012-3628\",\n \"CVE-2012-3629\",\n \"CVE-2012-3630\",\n \"CVE-2012-3631\",\n \"CVE-2012-3633\",\n \"CVE-2012-3634\",\n \"CVE-2012-3635\",\n \"CVE-2012-3636\",\n \"CVE-2012-3637\",\n \"CVE-2012-3638\",\n \"CVE-2012-3639\",\n \"CVE-2012-3640\",\n \"CVE-2012-3641\",\n \"CVE-2012-3642\",\n \"CVE-2012-3644\",\n \"CVE-2012-3645\",\n \"CVE-2012-3646\",\n \"CVE-2012-3650\",\n \"CVE-2012-3653\",\n \"CVE-2012-3655\",\n \"CVE-2012-3656\",\n \"CVE-2012-3661\",\n \"CVE-2012-3663\",\n \"CVE-2012-3664\",\n \"CVE-2012-3665\",\n \"CVE-2012-3666\",\n \"CVE-2012-3667\",\n \"CVE-2012-3668\",\n \"CVE-2012-3669\",\n \"CVE-2012-3670\",\n \"CVE-2012-3674\",\n \"CVE-2012-3678\",\n \"CVE-2012-3679\",\n \"CVE-2012-3680\",\n \"CVE-2012-3681\",\n \"CVE-2012-3682\",\n \"CVE-2012-3683\",\n \"CVE-2012-3686\",\n \"CVE-2012-3689\",\n \"CVE-2012-3690\",\n \"CVE-2012-3691\",\n \"CVE-2012-3693\",\n \"CVE-2012-3694\",\n \"CVE-2012-3695\",\n \"CVE-2012-3696\",\n \"CVE-2012-3697\"\n );\n script_bugtraq_id(\n 54669,\n 54680,\n 54683,\n 54686,\n 54687,\n 54688,\n 54692,\n 54693,\n 54694,\n 54695,\n 54696,\n 54697,\n 54700,\n 54703,\n 57027\n );\n\n script_name(english:\"Mac OS X : Apple Safari < 6.0 Multiple Vulnerabilities\");\n script_summary(english:\"Check the Safari SourceVersion\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apple Safari installed on the remote Mac OS X host is\nearlier than 6.0. It is, therefore, potentially affected by several\nissues :\n\n - An unspecified cross-site scripting issue exists.\n (CVE-2012-0678)\n\n - An error in the handling of 'feed://' URLs can allow\n local files to be disclosed to remote servers.\n (CVE-2012-0679)\n\n - Password input elements are auto completed even when\n a webpage specifically forbids it. (CVE-2012-0680)\n\n - A cross-site scripting issue exists due to improper\n handling of the HTTP 'Content-Disposition' header\n value of 'attachment'. (CVE-2011-3426)\n\n - Numerous issues exist in WebKit. (CVE-2011-2845,\n CVE-2011-3016, CVE-2011-3021, CVE-2011-3027,\n CVE-2011-3032, CVE-2011-3034, CVE-2011-3035,\n CVE-2011-3036, CVE-2011-3037, CVE-2011-3038,\n CVE-2011-3039, CVE-2011-3040, CVE-2011-3041,\n CVE-2011-3042, CVE-2011-3043, CVE-2011-3044,\n CVE-2011-3050, CVE-2011-3053, CVE-2011-3059,\n CVE-2011-3060, CVE-2011-3064, CVE-2011-3067,\n CVE-2011-3068, CVE-2011-3069, CVE-2011-3071,\n CVE-2011-3073, CVE-2011-3074, CVE-2011-3075,\n CVE-2011-3076, CVE-2011-3078, CVE-2011-3081,\n CVE-2011-3086, CVE-2011-3089, CVE-2011-3090,\n CVE-2011-3913, CVE-2011-3924, CVE-2011-3926,\n CVE-2011-3958, CVE-2011-3966, CVE-2011-3968,\n CVE-2011-3969, CVE-2011-3971, CVE-2012-0682,\n CVE-2012-0683, CVE-2012-1520, CVE-2012-1521,\n CVE-2012-2815, CVE-2012-3589, CVE-2012-3590,\n CVE-2012-3591, CVE-2012-3592, CVE-2012-3593,\n CVE-2012-3594, CVE-2012-3595, CVE-2012-3596,\n CVE-2012-3597, CVE-2012-3599, CVE-2012-3600,\n CVE-2012-3603, CVE-2012-3604, CVE-2012-3605,\n CVE-2012-3608, CVE-2012-3609, CVE-2012-3610,\n CVE-2012-3611, CVE-2012-3615, CVE-2012-3618,\n CVE-2012-3620, CVE-2012-3625, CVE-2012-3626,\n CVE-2012-3627, CVE-2012-3628, CVE-2012-3629,\n CVE-2012-3630, CVE-2012-3631, CVE-2012-3633,\n CVE-2012-3634, CVE-2012-3635, CVE-2012-3636,\n CVE-2012-3637, CVE-2012-3638, CVE-2012-3639,\n CVE-2012-3640, CVE-2012-3641, CVE-2012-3642,\n CVE-2012-3644, CVE-2012-3645, CVE-2012-3646,\n CVE-2012-3650, CVE-2012-3653, CVE-2012-3655,\n CVE-2012-3656, CVE-2012-3661, CVE-2012-3663,\n CVE-2012-3664, CVE-2012-3665, CVE-2012-3666,\n CVE-2012-3667, CVE-2012-3668, CVE-2012-3669,\n CVE-2012-3670, CVE-2012-3674, CVE-2012-3678,\n CVE-2012-3679, CVE-2012-3680, CVE-2012-3681,\n CVE-2012-3682, CVE-2012-3683, CVE-2012-3686,\n CVE-2012-3689, CVE-2012-3690, CVE-2012-3691,\n CVE-2012-3693, CVE-2012-3694, CVE-2012-3695,\n CVE-2012-3696, CVE-2012-3697)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5400\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple Safari 6.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\"); \n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.7([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.7\");\n\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"6.0\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report = \n '\\n Installed version : ' + version + \n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Safari\", version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:23", "references": ["http://support.apple.com/kb/HT5485", "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"], "pluginID": "62077", "description": "The version of Apple iTunes installed on the remote Windows host is older than 10.7 and is, therefore, affected by multiple memory corruption vulnerabilities in WebKit.", "edition": 7, "reporter": "Tenable", "published": "2012-09-13T00:00:00", "title": "Apple iTunes < 10.7 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3667", "CVE-2012-0682", "CVE-2012-3670", "CVE-2011-3039", "CVE-2012-3649", "CVE-2012-3609", "CVE-2011-3043", "CVE-2012-3646", "CVE-2012-3600", "CVE-2012-3610", "CVE-2012-3590", "CVE-2011-3105", "CVE-2012-3705", "CVE-2012-3639", "CVE-2012-3688", "CVE-2011-3044", "CVE-2011-3081", "CVE-2012-3637", "CVE-2011-3068", "CVE-2012-3641", "CVE-2011-3968", "CVE-2012-3703", "CVE-2012-3607", "CVE-2012-2831", "CVE-2012-3626", "CVE-2012-3704", "CVE-2012-3603", "CVE-2012-3663", "CVE-2012-3668", "CVE-2012-3660", "CVE-2012-3623", "CVE-2012-3678", "CVE-2012-1520", "CVE-2012-3687", "CVE-2011-3059", "CVE-2011-3071", "CVE-2012-3709", "CVE-2012-3606", "CVE-2012-3635", "CVE-2012-3654", "CVE-2012-3644", "CVE-2012-1521", "CVE-2012-3676", "CVE-2012-3674", "CVE-2012-3593", "CVE-2012-2817", "CVE-2011-3075", "CVE-2012-3671", "CVE-2012-3602", "CVE-2012-3625", "CVE-2012-3611", "CVE-2012-3685", "CVE-2012-3700", "CVE-2012-3659", "CVE-2011-3958", "CVE-2012-3675", "CVE-2012-3596", "CVE-2012-3669", "CVE-2012-3655", "CVE-2012-3634", "CVE-2011-3969", "CVE-2012-3706", "CVE-2012-3658", "CVE-2012-0683", "CVE-2012-3684", "CVE-2011-3060", "CVE-2012-2843", "CVE-2012-3652", "CVE-2012-3651", "CVE-2011-3971", "CVE-2012-3665", "CVE-2011-3021", "CVE-2012-3622", "CVE-2012-3664", "CVE-2012-3702", "CVE-2011-3069", "CVE-2012-3656", "CVE-2012-3712", "CVE-2012-3666", "CVE-2012-3598", "CVE-2012-3710", "CVE-2012-3645", "CVE-2011-3074", "CVE-2012-3661", "CVE-2011-3038", "CVE-2011-3035", "CVE-2012-3708", "CVE-2012-3673", "CVE-2011-3053", "CVE-2012-3616", "CVE-2012-3681", "CVE-2012-3642", "CVE-2012-3653", "CVE-2012-3682", "CVE-2012-3686", "CVE-2011-3036", "CVE-2011-3050", "CVE-2012-3638", "CVE-2012-3633", "CVE-2012-2818", "CVE-2012-3618", "CVE-2012-3594", "CVE-2011-3078", "CVE-2012-3628", "CVE-2011-3926", "CVE-2012-3707", "CVE-2011-3073", "CVE-2012-3680", "CVE-2011-3076", "CVE-2012-3614", "CVE-2012-3612", "CVE-2012-3643", "CVE-2012-3605", "CVE-2012-3647", "CVE-2012-3648", "CVE-2011-3086", "CVE-2012-3617", "CVE-2011-3041", "CVE-2012-3613", "CVE-2012-3699", "CVE-2012-3589", "CVE-2011-3966", "CVE-2011-3034", "CVE-2012-3620", "CVE-2012-3711", "CVE-2012-3679", "CVE-2012-3677", "CVE-2011-3924", "CVE-2012-3595", "CVE-2011-3042", "CVE-2011-3016", "CVE-2012-3630", "CVE-2011-3090", "CVE-2012-3683", "CVE-2012-3640", "CVE-2012-3636", "CVE-2012-3599", "CVE-2012-3624", "CVE-2012-3621", "CVE-2012-2829", "CVE-2012-3629", "CVE-2011-3032", "CVE-2012-3672", "CVE-2012-3592", "CVE-2011-3037", "CVE-2012-3627", "CVE-2012-3615", "CVE-2011-3913", "CVE-2012-3591", "CVE-2012-3608", "CVE-2011-3064", "CVE-2011-3027", "CVE-2012-3692", "CVE-2012-3604", "CVE-2012-3601", "CVE-2012-3701", "CVE-2011-3040", "CVE-2012-2842", "CVE-2012-3657", "CVE-2012-3631", "CVE-2012-3597", "CVE-2012-3632", "CVE-2011-3089"], "modified": "2018-07-13T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_10_7.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=62077", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62077);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\n \"CVE-2011-3016\",\n \"CVE-2011-3021\",\n \"CVE-2011-3027\",\n \"CVE-2011-3032\",\n \"CVE-2011-3034\",\n \"CVE-2011-3035\",\n \"CVE-2011-3036\",\n \"CVE-2011-3037\",\n \"CVE-2011-3038\",\n \"CVE-2011-3039\",\n \"CVE-2011-3040\",\n \"CVE-2011-3041\",\n \"CVE-2011-3042\",\n \"CVE-2011-3043\",\n \"CVE-2011-3044\",\n \"CVE-2011-3050\",\n \"CVE-2011-3053\",\n \"CVE-2011-3059\",\n \"CVE-2011-3060\",\n \"CVE-2011-3064\",\n \"CVE-2011-3068\",\n \"CVE-2011-3069\",\n \"CVE-2011-3071\",\n \"CVE-2011-3073\",\n \"CVE-2011-3074\",\n \"CVE-2011-3075\",\n \"CVE-2011-3076\",\n \"CVE-2011-3078\",\n \"CVE-2011-3081\",\n \"CVE-2011-3086\",\n \"CVE-2011-3089\",\n \"CVE-2011-3090\",\n \"CVE-2011-3105\",\n \"CVE-2011-3913\",\n \"CVE-2011-3924\",\n \"CVE-2011-3926\",\n \"CVE-2011-3958\",\n \"CVE-2011-3966\",\n \"CVE-2011-3968\",\n \"CVE-2011-3969\",\n \"CVE-2011-3971\",\n \"CVE-2012-0682\",\n \"CVE-2012-0683\",\n \"CVE-2012-1520\",\n \"CVE-2012-1521\",\n \"CVE-2012-2817\",\n \"CVE-2012-2818\",\n \"CVE-2012-2829\",\n \"CVE-2012-2831\",\n \"CVE-2012-2842\",\n \"CVE-2012-2843\",\n \"CVE-2012-3589\",\n \"CVE-2012-3590\",\n \"CVE-2012-3591\",\n \"CVE-2012-3592\",\n \"CVE-2012-3593\",\n \"CVE-2012-3594\",\n \"CVE-2012-3595\",\n \"CVE-2012-3596\",\n \"CVE-2012-3597\",\n \"CVE-2012-3598\",\n \"CVE-2012-3599\",\n \"CVE-2012-3600\",\n \"CVE-2012-3601\",\n \"CVE-2012-3602\",\n \"CVE-2012-3603\",\n \"CVE-2012-3604\",\n \"CVE-2012-3605\",\n \"CVE-2012-3606\",\n \"CVE-2012-3607\",\n \"CVE-2012-3608\",\n \"CVE-2012-3609\",\n \"CVE-2012-3610\",\n \"CVE-2012-3611\",\n \"CVE-2012-3612\",\n \"CVE-2012-3613\",\n \"CVE-2012-3614\",\n \"CVE-2012-3615\",\n \"CVE-2012-3616\",\n \"CVE-2012-3617\",\n \"CVE-2012-3618\",\n \"CVE-2012-3620\",\n \"CVE-2012-3621\",\n \"CVE-2012-3622\",\n \"CVE-2012-3623\",\n \"CVE-2012-3624\",\n \"CVE-2012-3625\",\n \"CVE-2012-3626\",\n \"CVE-2012-3627\",\n \"CVE-2012-3628\",\n \"CVE-2012-3629\",\n \"CVE-2012-3630\",\n \"CVE-2012-3631\",\n \"CVE-2012-3632\",\n \"CVE-2012-3633\",\n \"CVE-2012-3634\",\n \"CVE-2012-3635\",\n \"CVE-2012-3636\",\n \"CVE-2012-3637\",\n \"CVE-2012-3638\",\n \"CVE-2012-3639\",\n \"CVE-2012-3640\",\n \"CVE-2012-3641\",\n \"CVE-2012-3642\",\n \"CVE-2012-3643\",\n \"CVE-2012-3644\",\n \"CVE-2012-3645\",\n \"CVE-2012-3646\",\n \"CVE-2012-3647\",\n \"CVE-2012-3648\",\n \"CVE-2012-3649\",\n \"CVE-2012-3651\",\n \"CVE-2012-3652\",\n \"CVE-2012-3653\",\n \"CVE-2012-3654\",\n \"CVE-2012-3655\",\n \"CVE-2012-3656\",\n \"CVE-2012-3657\",\n \"CVE-2012-3658\",\n \"CVE-2012-3659\",\n \"CVE-2012-3660\",\n \"CVE-2012-3661\",\n \"CVE-2012-3663\",\n \"CVE-2012-3664\",\n \"CVE-2012-3665\",\n \"CVE-2012-3666\",\n \"CVE-2012-3667\",\n \"CVE-2012-3668\",\n \"CVE-2012-3669\",\n \"CVE-2012-3670\",\n \"CVE-2012-3671\",\n \"CVE-2012-3672\",\n \"CVE-2012-3673\",\n \"CVE-2012-3674\",\n \"CVE-2012-3675\",\n \"CVE-2012-3676\",\n \"CVE-2012-3677\",\n \"CVE-2012-3678\",\n \"CVE-2012-3679\",\n \"CVE-2012-3680\",\n \"CVE-2012-3681\",\n \"CVE-2012-3682\",\n \"CVE-2012-3683\",\n \"CVE-2012-3684\",\n \"CVE-2012-3685\",\n \"CVE-2012-3686\",\n \"CVE-2012-3687\",\n \"CVE-2012-3688\",\n \"CVE-2012-3692\",\n \"CVE-2012-3699\",\n \"CVE-2012-3700\",\n \"CVE-2012-3701\",\n \"CVE-2012-3702\",\n \"CVE-2012-3703\",\n \"CVE-2012-3704\",\n \"CVE-2012-3705\",\n \"CVE-2012-3706\",\n \"CVE-2012-3707\",\n \"CVE-2012-3708\",\n \"CVE-2012-3709\",\n \"CVE-2012-3710\",\n \"CVE-2012-3711\",\n \"CVE-2012-3712\"\n );\n script_bugtraq_id(\n 51041,\n 51641,\n 51911,\n 52031,\n 52271,\n 52674,\n 52762,\n 52913,\n 53309,\n 53540,\n 54203,\n 54680,\n 55534,\n 57027\n );\n\n script_name(english:\"Apple iTunes < 10.7 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks version of iTunes on Windows\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a multimedia application that has multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apple iTunes installed on the remote Windows host is\nolder than 10.7 and is, therefore, affected by multiple memory\ncorruption vulnerabilities in WebKit.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5485\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 10.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"SMB/iTunes/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion = get_kb_item_or_exit(\"SMB/iTunes/Version\");\npath = get_kb_item_or_exit(\"SMB/iTunes/Path\");\n\nfixed_version = \"10.7.0.21\";\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : '+fixed_version+'\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:08:23", "references": ["http://support.apple.com/kb/HT5485", "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"], "pluginID": "62078", "description": "The version of Apple iTunes on the remote host is prior to version 10.7. It is, therefore, affected by multiple memory corruption vulnerabilities in the WebKit component.", "edition": 7, "reporter": "Tenable", "published": "2012-09-13T00:00:00", "title": "Apple iTunes < 10.7 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Peer-To-Peer File Sharing", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3667", "CVE-2012-0682", "CVE-2012-3670", "CVE-2011-3039", "CVE-2012-3649", "CVE-2012-3609", "CVE-2011-3043", "CVE-2012-3646", "CVE-2012-3600", "CVE-2012-3610", "CVE-2012-3590", "CVE-2011-3105", "CVE-2012-3705", "CVE-2012-3639", "CVE-2012-3688", "CVE-2011-3044", "CVE-2011-3081", "CVE-2012-3637", "CVE-2011-3068", "CVE-2012-3641", "CVE-2011-3968", "CVE-2012-3703", "CVE-2012-3607", "CVE-2012-2831", "CVE-2012-3626", "CVE-2012-3704", "CVE-2012-3603", "CVE-2012-3663", "CVE-2012-3668", "CVE-2012-3660", "CVE-2012-3623", "CVE-2012-3678", "CVE-2012-1520", "CVE-2012-3687", "CVE-2011-3059", "CVE-2011-3071", "CVE-2012-3709", "CVE-2012-3606", "CVE-2012-3635", "CVE-2012-3654", "CVE-2012-3644", "CVE-2012-1521", "CVE-2012-3676", "CVE-2012-3674", "CVE-2012-3593", "CVE-2012-2817", "CVE-2011-3075", "CVE-2012-3671", "CVE-2012-3602", "CVE-2012-3625", "CVE-2012-3611", "CVE-2012-3685", "CVE-2012-3700", "CVE-2012-3659", "CVE-2011-3958", "CVE-2012-3675", "CVE-2012-3596", "CVE-2012-3669", "CVE-2012-3655", "CVE-2012-3634", "CVE-2011-3969", "CVE-2012-3706", "CVE-2012-3658", "CVE-2012-0683", "CVE-2012-3684", "CVE-2011-3060", "CVE-2012-2843", "CVE-2012-3652", "CVE-2012-3651", "CVE-2011-3971", "CVE-2012-3665", "CVE-2011-3021", "CVE-2012-3622", "CVE-2012-3664", "CVE-2012-3702", "CVE-2011-3069", "CVE-2012-3656", "CVE-2012-3712", "CVE-2012-3666", "CVE-2012-3598", "CVE-2012-3710", "CVE-2012-3645", "CVE-2011-3074", "CVE-2012-3661", "CVE-2011-3038", "CVE-2011-3035", "CVE-2012-3708", "CVE-2012-3673", "CVE-2011-3053", "CVE-2012-3616", "CVE-2012-3681", "CVE-2012-3642", "CVE-2012-3653", "CVE-2012-3682", "CVE-2012-3686", "CVE-2011-3036", "CVE-2011-3050", "CVE-2012-3638", "CVE-2012-3633", "CVE-2012-2818", "CVE-2012-3618", "CVE-2012-3594", "CVE-2011-3078", "CVE-2012-3628", "CVE-2011-3926", "CVE-2012-3707", "CVE-2011-3073", "CVE-2012-3680", "CVE-2011-3076", "CVE-2012-3614", "CVE-2012-3612", "CVE-2012-3643", "CVE-2012-3605", "CVE-2012-3647", "CVE-2012-3648", "CVE-2011-3086", "CVE-2012-3617", "CVE-2011-3041", "CVE-2012-3613", "CVE-2012-3699", "CVE-2012-3589", "CVE-2011-3966", "CVE-2011-3034", "CVE-2012-3620", "CVE-2012-3711", "CVE-2012-3679", "CVE-2012-3677", "CVE-2011-3924", "CVE-2012-3595", "CVE-2011-3042", "CVE-2011-3016", "CVE-2012-3630", "CVE-2011-3090", "CVE-2012-3683", "CVE-2012-3640", "CVE-2012-3636", "CVE-2012-3599", "CVE-2012-3624", "CVE-2012-3621", "CVE-2012-2829", "CVE-2012-3629", "CVE-2011-3032", "CVE-2012-3672", "CVE-2012-3592", "CVE-2011-3037", "CVE-2012-3627", "CVE-2012-3615", "CVE-2011-3913", "CVE-2012-3591", "CVE-2012-3608", "CVE-2011-3064", "CVE-2011-3027", "CVE-2012-3692", "CVE-2012-3604", "CVE-2012-3601", "CVE-2012-3701", "CVE-2011-3040", "CVE-2012-2842", "CVE-2012-3657", "CVE-2012-3631", "CVE-2012-3597", "CVE-2012-3632", "CVE-2011-3089"], "modified": "2018-07-13T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_10_7_BANNER.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=62078", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62078);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\n \"CVE-2011-3016\",\n \"CVE-2011-3021\",\n \"CVE-2011-3027\",\n \"CVE-2011-3032\",\n \"CVE-2011-3034\",\n \"CVE-2011-3035\",\n \"CVE-2011-3036\",\n \"CVE-2011-3037\",\n \"CVE-2011-3038\",\n \"CVE-2011-3039\",\n \"CVE-2011-3040\",\n \"CVE-2011-3041\",\n \"CVE-2011-3042\",\n \"CVE-2011-3043\",\n \"CVE-2011-3044\",\n \"CVE-2011-3050\",\n \"CVE-2011-3053\",\n \"CVE-2011-3059\",\n \"CVE-2011-3060\",\n \"CVE-2011-3064\",\n \"CVE-2011-3068\",\n \"CVE-2011-3069\",\n \"CVE-2011-3071\",\n \"CVE-2011-3073\",\n \"CVE-2011-3074\",\n \"CVE-2011-3075\",\n \"CVE-2011-3076\",\n \"CVE-2011-3078\",\n \"CVE-2011-3081\",\n \"CVE-2011-3086\",\n \"CVE-2011-3089\",\n \"CVE-2011-3090\",\n \"CVE-2011-3105\",\n \"CVE-2011-3913\",\n \"CVE-2011-3924\",\n \"CVE-2011-3926\",\n \"CVE-2011-3958\",\n \"CVE-2011-3966\",\n \"CVE-2011-3968\",\n \"CVE-2011-3969\",\n \"CVE-2011-3971\",\n \"CVE-2012-0682\",\n \"CVE-2012-0683\",\n \"CVE-2012-1520\",\n \"CVE-2012-1521\",\n \"CVE-2012-2817\",\n \"CVE-2012-2818\",\n \"CVE-2012-2829\",\n \"CVE-2012-2831\",\n \"CVE-2012-2842\",\n \"CVE-2012-2843\",\n \"CVE-2012-3589\",\n \"CVE-2012-3590\",\n \"CVE-2012-3591\",\n \"CVE-2012-3592\",\n \"CVE-2012-3593\",\n \"CVE-2012-3594\",\n \"CVE-2012-3595\",\n \"CVE-2012-3596\",\n \"CVE-2012-3597\",\n \"CVE-2012-3598\",\n \"CVE-2012-3599\",\n \"CVE-2012-3600\",\n \"CVE-2012-3601\",\n \"CVE-2012-3602\",\n \"CVE-2012-3603\",\n \"CVE-2012-3604\",\n \"CVE-2012-3605\",\n \"CVE-2012-3606\",\n \"CVE-2012-3607\",\n \"CVE-2012-3608\",\n \"CVE-2012-3609\",\n \"CVE-2012-3610\",\n \"CVE-2012-3611\",\n \"CVE-2012-3612\",\n \"CVE-2012-3613\",\n \"CVE-2012-3614\",\n \"CVE-2012-3615\",\n \"CVE-2012-3616\",\n \"CVE-2012-3617\",\n \"CVE-2012-3618\",\n \"CVE-2012-3620\",\n \"CVE-2012-3621\",\n \"CVE-2012-3622\",\n \"CVE-2012-3623\",\n \"CVE-2012-3624\",\n \"CVE-2012-3625\",\n \"CVE-2012-3626\",\n \"CVE-2012-3627\",\n \"CVE-2012-3628\",\n \"CVE-2012-3629\",\n \"CVE-2012-3630\",\n \"CVE-2012-3631\",\n \"CVE-2012-3632\",\n \"CVE-2012-3633\",\n \"CVE-2012-3634\",\n \"CVE-2012-3635\",\n \"CVE-2012-3636\",\n \"CVE-2012-3637\",\n \"CVE-2012-3638\",\n \"CVE-2012-3639\",\n \"CVE-2012-3640\",\n \"CVE-2012-3641\",\n \"CVE-2012-3642\",\n \"CVE-2012-3643\",\n \"CVE-2012-3644\",\n \"CVE-2012-3645\",\n \"CVE-2012-3646\",\n \"CVE-2012-3647\",\n \"CVE-2012-3648\",\n \"CVE-2012-3649\",\n \"CVE-2012-3651\",\n \"CVE-2012-3652\",\n \"CVE-2012-3653\",\n \"CVE-2012-3654\",\n \"CVE-2012-3655\",\n \"CVE-2012-3656\",\n \"CVE-2012-3657\",\n \"CVE-2012-3658\",\n \"CVE-2012-3659\",\n \"CVE-2012-3660\",\n \"CVE-2012-3661\",\n \"CVE-2012-3663\",\n \"CVE-2012-3664\",\n \"CVE-2012-3665\",\n \"CVE-2012-3666\",\n \"CVE-2012-3667\",\n \"CVE-2012-3668\",\n \"CVE-2012-3669\",\n \"CVE-2012-3670\",\n \"CVE-2012-3671\",\n \"CVE-2012-3672\",\n \"CVE-2012-3673\",\n \"CVE-2012-3674\",\n \"CVE-2012-3675\",\n \"CVE-2012-3676\",\n \"CVE-2012-3677\",\n \"CVE-2012-3678\",\n \"CVE-2012-3679\",\n \"CVE-2012-3680\",\n \"CVE-2012-3681\",\n \"CVE-2012-3682\",\n \"CVE-2012-3683\",\n \"CVE-2012-3684\",\n \"CVE-2012-3685\",\n \"CVE-2012-3686\",\n \"CVE-2012-3687\",\n \"CVE-2012-3688\",\n \"CVE-2012-3692\",\n \"CVE-2012-3699\",\n \"CVE-2012-3700\",\n \"CVE-2012-3701\",\n \"CVE-2012-3702\",\n \"CVE-2012-3703\",\n \"CVE-2012-3704\",\n \"CVE-2012-3705\",\n \"CVE-2012-3706\",\n \"CVE-2012-3707\",\n \"CVE-2012-3708\",\n \"CVE-2012-3709\",\n \"CVE-2012-3710\",\n \"CVE-2012-3711\",\n \"CVE-2012-3712\"\n );\n script_bugtraq_id(\n 51041,\n 51641,\n 51911,\n 52031,\n 52271,\n 52674,\n 52762,\n 52913,\n 53309,\n 53540,\n 54203,\n 54680,\n 55534,\n 57027\n );\n\n script_name(english:\"Apple iTunes < 10.7 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a multimedia application that has multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes on the remote host is prior to version 10.7. It\nis, therefore, affected by multiple memory corruption vulnerabilities\nin the WebKit component.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5485\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 10.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"10.7\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:54:38", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "CVE-2011-3031\r\nCVE-2011-3032\r\nCVE-2011-3033\r\nCVE-2011-3034\r\nCVE-2011-3035\r\nCVE-2011-3036\r\nCVE-2011-3037\r\nCVE-2011-3038\r\nCVE-2011-3039\r\nCVE-2011-3040\r\nCVE-2011-3041\r\nCVE-2011-3042\r\nCVE-2011-3043\r\nCVE-2011-3044\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u5f00\u6e90\u7684WEB\u6d4f\u89c8\u5668\u3002\r\nGoogle Chrome\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u6076\u610f\u7528\u6237\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u8de8\u7ad9\u811a\u672c\uff0c\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u7b49\u653b\u51fb\u3002\r\n1)v8 element wrapper\u5904\u7406\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u9519\u8bef\u3002\r\n2)SVG\u503c\u5904\u7406\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u9519\u8bef\u3002\r\n3)Skia\u7ed8\u56fe\u5e93\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n4)SVG\u6587\u6863\u5904\u7406\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u9519\u8bef\u3002\r\n5)SVG\u4f7f\u7528\u5904\u7406\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u9519\u8bef\u3002\r\n6)line-box\u5904\u7406\u5b58\u5728\u7c7b\u578b\u8f6c\u6362\u9519\u8bef\u3002\r\n7)\u533f\u540d\u5757\u5206\u62c6(anonymous block splitting)\u5b58\u5728\u7c7b\u578b\u8f6c\u6362\u9519\u8bef\u3002\r\n8)\u591a\u5217\u5904\u7406\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u9519\u8bef\u3002\r\n9)quote\u5904\u7406\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u9519\u8bef\u3002\r\n10)\u6587\u672c\u5904\u7406\u5b58\u5728\u8d8a\u754c\u8bfb\u9519\u8bef\u3002\r\n11)\u7c7b\u5c5e\u6027\u5904\u7406\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u9519\u8bef\u3002\r\n12)\u8868\u5355\u9009\u62e9\u5904\u7406\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u9519\u8bef\u3002\r\n13)flexbox\u6d6e\u70b9\u5904\u7406\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u9519\u8bef\u3002\r\n14)SVG\u52a8\u753b\u5143\u7d20\u5904\u7406\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u9519\u8bef\u3002\r\n15)\u5e94\u7528\u7a0b\u5e8f\u6346\u7ed1\u4e86\u5b58\u5728\u6f0f\u6d1e\u7684Adobe Flash player\u7248\u672c\n0\nGoogle Chrome 17.0.963.65\u4e4b\u524d\u7248\u672c\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\nGoogle Chrome 17.0.963.65\u5df2\u7ecf\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://googlechromereleases.blogspot.com/", "reporter": "Root", "published": "2012-03-06T00:00:00", "type": "seebug", "title": "Google Chrome 17.0.963.65\u4e4b\u524d\u7248\u672c\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2011-3031", "CVE-2011-3032", "CVE-2011-3033", "CVE-2011-3034", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3037", "CVE-2011-3038", "CVE-2011-3039", "CVE-2011-3040", "CVE-2011-3041", "CVE-2011-3042", "CVE-2011-3043", "CVE-2011-3044"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2012-03-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30172", "id": "SSV:30172", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "status": "details"}], "freebsd": [{"lastseen": "2016-09-26T17:24:40", "references": ["http://googlechromereleases.blogspot.com/search/label/Stable%20updates"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "17.0.963.65", "packageName": "chromium", "arch": "noarch", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "\nGoogle Chrome Releases reports:\n\n[105867] High CVE-2011-3031: Use-after-free in v8 element wrapper.\n\t Credit to Chamal de Silva.\n[108037] High CVE-2011-3032: Use-after-free in SVG value handling.\n\t Credit to Arthur Gerkis.\n[108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia\n\t drawing library. Credit to Aki Helin of OUSPG.\n[111748] High CVE-2011-3034: Use-after-free in SVG document\n\t handling. Credit to Arthur Gerkis.\n[112212] High CVE-2011-3035: Use-after-free in SVG use handling.\n\t Credit to Arthur Gerkis.\n[113258] High CVE-2011-3036: Bad cast in line box handling. Credit\n\t to miaubiz.\n[113439] [114924] [115028] High CVE-2011-3037: Bad casts in\n\t anonymous block splitting. Credit to miaubiz.\n[113497] High CVE-2011-3038: Use-after-free in multi-column\n\t handling. Credit to miaubiz.\n[113707] High CVE-2011-3039: Use-after-free in quote handling.\n\t Credit to miaubiz.\n[114054] High CVE-2011-3040: Out-of-bounds read in text handling.\n\t Credit to miaubiz.\n[114068] High CVE-2011-3041: Use-after-free in class attribute\n\t handling. Credit to miaubiz.\n[114219] High CVE-2011-3042: Use-after-free in table section\n\t handling. Credit to miaubiz.\n[115681] High CVE-2011-3043: Use-after-free in flexbox with floats.\n\t Credit to miaubiz.\n[116093] High CVE-2011-3044: Use-after-free with SVG animation\n\t elements. Credit to Arthur Gerkis.\n\n", "reporter": "FreeBSD", "published": "2012-03-04T00:00:00", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2012-03-04T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/99aef698-66ed-11e1-8288-00262d5ed8ee.html", "id": "99AEF698-66ED-11E1-8288-00262D5ED8EE", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:52:15", "references": ["https://bugzilla.novell.com/750407", "https://bugzilla.novell.com/751738", "https://bugzilla.novell.com/751466"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-debugsource", "packageFilename": "chromium-debugsource-19.0.1066.0-1.11.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-desktop-kde", "packageFilename": "chromium-desktop-kde-19.0.1066.0-1.11.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-suid-helper-debuginfo", "packageFilename": "chromium-suid-helper-debuginfo-19.0.1066.0-1.11.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-desktop-gnome", "packageFilename": "chromium-desktop-gnome-19.0.1066.0-1.11.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "3.9.13.0-1.15.1", "packageName": "v8-private-headers-devel", "packageFilename": "v8-private-headers-devel-3.9.13.0-1.15.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "3.9.13.0-1.15.1", "packageName": "v8-devel", "packageFilename": "v8-devel-3.9.13.0-1.15.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "3.9.13.0-1.15.1", "packageName": "v8-private-headers-devel", "packageFilename": "v8-private-headers-devel-3.9.13.0-1.15.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "3.9.13.0-1.15.1", "packageName": "v8-debugsource", "packageFilename": "v8-debugsource-3.9.13.0-1.15.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "3.9.13.0-1.15.1", "packageName": "libv8-3", "packageFilename": "libv8-3-3.9.13.0-1.15.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-suid-helper-debuginfo", "packageFilename": "chromium-suid-helper-debuginfo-19.0.1066.0-1.11.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "3.9.13.0-1.15.1", "packageName": "v8-debugsource", "packageFilename": "v8-debugsource-3.9.13.0-1.15.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium", "packageFilename": "chromium-19.0.1066.0-1.11.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "3.9.13.0-1.15.1", "packageName": "libv8-3-debuginfo", "packageFilename": "libv8-3-debuginfo-3.9.13.0-1.15.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "3.9.13.0-1.15.1", "packageName": "libv8-3-debuginfo", "packageFilename": "libv8-3-debuginfo-3.9.13.0-1.15.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-desktop-gnome", "packageFilename": "chromium-desktop-gnome-19.0.1066.0-1.11.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium", "packageFilename": "chromium-19.0.1066.0-1.11.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "3.9.13.0-1.15.1", "packageName": "libv8-3", "packageFilename": "libv8-3-3.9.13.0-1.15.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-suid-helper", "packageFilename": "chromium-suid-helper-19.0.1066.0-1.11.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "3.9.13.0-1.15.1", "packageName": "v8-devel", "packageFilename": "v8-devel-3.9.13.0-1.15.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-debuginfo", "packageFilename": "chromium-debuginfo-19.0.1066.0-1.11.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-suid-helper", "packageFilename": "chromium-suid-helper-19.0.1066.0-1.11.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-desktop-kde", "packageFilename": "chromium-desktop-kde-19.0.1066.0-1.11.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-debuginfo", "packageFilename": "chromium-debuginfo-19.0.1066.0-1.11.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "19.0.1066.0-1.11.2", "packageName": "chromium-debugsource", "packageFilename": "chromium-debugsource-19.0.1066.0-1.11.2.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "Changes in chromium:\n - Update to 19.0.1066\n * Fixed Chrome install/update resets Google search\n preferences (Issue: 105390)\n * Don't trigger accelerated compositing on 3D CSS when\n using swiftshader (Issue: 116401)\n * Fixed a GPU crash (Issue: 116096)\n * More fixes for Back button frequently hangs (Issue:\n 93427)\n * Bastion now works (Issue: 116285)\n * Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n * Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n * Fixed Google Feedback causes render process to use too\n much memory (Issue: 114489)\n * Fixed after upgrade, some pages are rendered as blank\n (Issue: 109888)\n * Fixed Pasting text into a single-line text field\n shouldn't keep literal newlines (Issue: 106551)\n - Security Fixes:\n * Critical CVE-2011-3047: Errant plug-in load and GPU\n process memory corruption\n * Critical CVE-2011-3046: UXSS and bad history navigation.\n\n - Update to 19.0.1060\n * Fixed NTP signed in state is missing (Issue: 112676)\n * Fixed gmail seems to redraw itself (all white)\n occasionally (Issue: 111263)\n * Focus "OK" button on Javascript dialogs (Issue: 111015)\n * Fixed Back button frequently hangs (Issue: 93427)\n * Increase the buffer size to fix muted playback rate\n (Issue: 108239)\n * Fixed Empty span with line-height renders with non-zero\n height (Issue: 109811)\n * Marked the Certum Trusted Network CA as an issuer of\n extended-validation (EV) certificates.\n * Fixed importing of bookmarks, history, etc. from\n Firefox 10+.\n * Fixed issues - 114001, 110785, 114168, 114598, 111663,\n 113636, 112676\n * Fixed several crashes (Issues: 111376, 108688, 114391)\n * Fixed Firefox browser in Import Bookmarks and Settings\n drop-down (Issue: 114476)\n * Sync: Sessions aren't associating pre-existing tabs\n (Issue: 113319)\n * Fixed All "Extensions" make an entry under the "NTP\n Apps" page (Issue: 113672)\n - Security Fixes (bnc#750407):\n * High CVE-2011-3031: Use-after-free in v8 element\n wrapper.\n * High CVE-2011-3032: Use-after-free in SVG value\n handling.\n * High CVE-2011-3033: Buffer overflow in the Skia\n drawing library.\n * High CVE-2011-3034: Use-after-free in SVG document\n handling.\n * High CVE-2011-3035: Use-after-free in SVG use handling.\n * High CVE-2011-3036: Bad cast in line box handling.\n * High CVE-2011-3037: Bad casts in anonymous block\n splitting.\n * High CVE-2011-3038: Use-after-free in multi-column\n handling.\n * High CVE-2011-3039: Use-after-free in quote handling.\n * High CVE-2011-3040: Out-of-bounds read in text\n handling.\n * High CVE-2011-3041: Use-after-free in class attribute\n handling.\n * High CVE-2011-3042: Use-after-free in table section\n handling.\n * High CVE-2011-3043: Use-after-free in flexbox with\n floats.\n * High CVE-2011-3044: Use-after-free with SVG animation\n elements.\n\n Changes in v8:\n - Update to 3.9.13.0\n * Add code kind check before preparing for OSR. (issue\n 1900, 115073)\n * Pass zone explicitly to zone-allocation on x64 and ARM.\n (issue 1802)\n * Port string construct stub to x64. (issue 849)\n * Performance and stability improvements on all platforms.\n\n", "edition": 1, "reporter": "Suse", "published": "2012-03-16T13:08:23", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "suse", "title": "update for chromium, v8 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3046", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3047", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2012-03-16T13:08:23", "id": "OPENSUSE-SU-2012:0374-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T23:03:38", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"], "references": ["https://threatpost.com/google-patches-14-chrome-bugs-ahead-pwn2own-pays-30k-special-rewards-030512/", "https://threatpost.com/revamped-pwn2own-offer-105k-prizes-cash-google-chrome-0-days-012312/", "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29", "http://pwn2own.zerodayinitiative.com/rules.html", "http://cansecwest.com/", "https://threatpost.com/google-withdraws-pwn2own-sponsorship-sets-aside-1-mil-prizes-022812/", "https://code.google.com/p/chromium/issues/detail?id=105867", "https://code.google.com/p/chromium/issues/detail?id=108037", "https://code.google.com/p/chromium/issues/detail?id=108406", "https://code.google.com/p/chromium/issues/detail?id=115471", "https://code.google.com/p/chromium/issues/detail?id=111748", "https://code.google.com/p/chromium/issues/detail?id=112212", "https://code.google.com/p/chromium/issues/detail?id=113258", "https://code.google.com/p/chromium/issues/detail?id=113439", "https://code.google.com/p/chromium/issues/detail?id=114924", "https://code.google.com/p/chromium/issues/detail?id=115028", "https://code.google.com/p/chromium/issues/detail?id=113497", "https://code.google.com/p/chromium/issues/detail?id=113707", "https://code.google.com/p/chromium/issues/detail?id=114054", "https://code.google.com/p/chromium/issues/detail?id=114068", "https://code.google.com/p/chromium/issues/detail?id=114219", "https://code.google.com/p/chromium/issues/detail?id=115681", "https://code.google.com/p/chromium/issues/detail?id=116093"], "description": "[](<https://threatpost.com/google-patches-14-chrome-bugs-ahead-pwn2own-pays-30k-special-rewards-030512/>)Just two days before the annual [Pwn2Own contest](<https://threatpost.com/revamped-pwn2own-offer-105k-prizes-cash-google-chrome-0-days-012312/>) is set to begin at CanSecWest, Google has patched a huge set of serious vulnerabilities in its Chrome browser. In addition to the 14 high-risk flaws fixed in Chrome, the company also handed out rewards of $10,000 each to three researchers who regularly submit bugs to Google and have taken home quite a bit of cash in the past as part of the company\u2019s reward program.\n\nThe $10,000 payouts went to Aki Helin, Arhur Gerkis and a researcher known as Miaubiz. These payments are in addition to the normal rewards that Google pays researchers who find and report security vulnerabilities in Chrome, and they represent a new kind of reward from the company. And Google officials said it is just the beginning of this kind of reward that isn\u2019t tied to a specific bug report.\n\n\u201cTo determine the above rewards, we looked at bug finding performance over the past few months. The three named individuals stood out significantly. It also shouldn\u2019t come as a surprise that they all feature (and earn more!) in the release notes below. We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we\u2019re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn\u2019t be possible without the aggressive bug hunting of the wider community,\u201d [Jason Kersey of the Google Chrome team](<http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29>) wrote in a blog post.\n\nThe [Pwn2Own contest](<http://pwn2own.zerodayinitiative.com/rules.html>) at [CanSecWest in Vancouver](<http://cansecwest.com/>) is a an annual competition that challenges researchers to hack one or more of a set list of targets. The target list typically includes each of the major browsers running on Windows or OS X. The rules of the contest have changed this year in order to give more contestants the ability to use vulnerabilities they\u2019ve discovered. Instead of researchers simply sitting down in their assigned order and trying their bugs against a specific browser, this year\u2019s contest will be a three-day competition in which entrants earn points for successful exploits against the various targets. \n\nThe targets this year are Chrome, Internet Explorer, Safari and Firefox, but the specific versions of each browser won\u2019t be known until Wednesday when the contest starts.\n\n\u201cWe basically rearchitected the entire thing this year. We wanted to take our limited budget and spread it over three winners in order to give them more incentive to bring their vulns to Pwn2Own,\u201d Aaron Portnoy, the manager of the security research team at TippingPoint, whose Zero Day Initiative runs Pwn2Own, said in explaining the new rules last month. \u201cWe didn\u2019t think it was fair with the drawing. That opens the door for people having a vulnerability they don\u2019t use at the contest and it doesn\u2019t get fixed.\u201d\n\nIn past years, Safari, Firefox and IE have been frequent successful targets at the contest but no one has succeeded in taking down Chrome. This year [Google has offered up to $1 million](<https://threatpost.com/google-withdraws-pwn2own-sponsorship-sets-aside-1-mil-prizes-022812/>) in rewards for successful exploits against its browser. The list of bugs the company fixed in Chrome on Sunday should make that harder.\n\nThe full list of fixes in Chrome include:\n\n * [$1000] [[105867](<https://code.google.com/p/chromium/issues/detail?id=105867>)] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva.\n * [$1000] [[108037](<https://code.google.com/p/chromium/issues/detail?id=108037>)] High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis.\n * [$2000] [[108406](<https://code.google.com/p/chromium/issues/detail?id=108406>)] [[115471](<https://code.google.com/p/chromium/issues/detail?id=115471>)] High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG.\n * [$1000] [[111748](<https://code.google.com/p/chromium/issues/detail?id=111748>)] High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis.\n * [$2000] [[112212](<https://code.google.com/p/chromium/issues/detail?id=112212>)] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis.\n * [$1000] [[113258](<https://code.google.com/p/chromium/issues/detail?id=113258>)] High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz.\n * [$3000] [[113439](<https://code.google.com/p/chromium/issues/detail?id=113439>)] [[114924](<https://code.google.com/p/chromium/issues/detail?id=114924>)] [[115028](<https://code.google.com/p/chromium/issues/detail?id=115028>)] High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz.\n * [$1000] [[113497](<https://code.google.com/p/chromium/issues/detail?id=113497>)] High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz.\n * [$1000] [[113707](<https://code.google.com/p/chromium/issues/detail?id=113707>)] High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz.\n * [$500] [[114054](<https://code.google.com/p/chromium/issues/detail?id=114054>)] High CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz.\n * [$1000] [[114068](<https://code.google.com/p/chromium/issues/detail?id=114068>)] High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz.\n * [$1000] [[114219](<https://code.google.com/p/chromium/issues/detail?id=114219>)] High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz.\n * [$1000] [[115681](<https://code.google.com/p/chromium/issues/detail?id=115681>)] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz.\n * [$1000] [[116093](<https://code.google.com/p/chromium/issues/detail?id=116093>)] High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis.\n", "reporter": "Dennis Fisher", "published": "2012-03-05T13:01:22", "type": "threatpost", "title": "Google Patches 14 Chrome Bugs Ahead of Pwn2Own, Pays $30k in Special Rewards", "enchantments": {"score": {"modified": "2018-10-06T23:03:38", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2011-3031", "CVE-2011-3032", "CVE-2011-3033", "CVE-2011-3034", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3037", "CVE-2011-3038", "CVE-2011-3039", "CVE-2011-3040", "CVE-2011-3041", "CVE-2011-3042", "CVE-2011-3043", "CVE-2011-3044"], "_object_type": "robots.models.threatpost.ThreatpostBulletin", "modified": "2013-04-17T16:32:42", "id": "THREATPOST:C2C477D50A7823D6994DBC1277C5D3CD", "href": "https://threatpost.com/google-patches-14-chrome-bugs-ahead-pwn2own-pays-30k-special-rewards-030512/76281/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:53", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3057", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3032", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3050", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3051", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3039", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3037", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3034", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3054", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3047", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3040", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3038", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3056", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3043", "https://bugs.gentoo.org/show_bug.cgi?id=409251", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3036", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3055", "https://bugs.gentoo.org/show_bug.cgi?id=407465", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3044", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3042", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3031", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3035", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3049", "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3046", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3052", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3041", "https://bugs.gentoo.org/show_bug.cgi?id=406975", "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3053", "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3033", "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update_10.html", "https://bugs.gentoo.org/show_bug.cgi?id=407755"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "17.0.963.83", "packageFilename": "UNKNOWN", "packageName": "www-client/chromium", "arch": "all", "operator": "lt"}], "description": "### Background\n\nChromium is an open source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, Universal Cross-Site Scripting, or installation of an extension without user interaction. \n\nA remote attacker could also entice a user to install a specially crafted extension that would interfere with browser-issued web requests. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-17.0.963.83\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2012-03-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3054", "CVE-2011-3055", "CVE-2011-3046", "CVE-2011-3033", "CVE-2011-3057", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3053", "CVE-2011-3049", "CVE-2011-3036", "CVE-2011-3050", "CVE-2011-3052", "CVE-2011-3047", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3056", "CVE-2011-3042", "CVE-2011-3051", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2012-03-25T00:00:00", "id": "GLSA-201203-19", "href": "https://security.gentoo.org/glsa/201203-19", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:46", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3611", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3601", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3657", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3645", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3053", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3064", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3626", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3672", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3059", "https://launchpad.net/bugs/1058339", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3674", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3604", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3669", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3076", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3043", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3090", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3042", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3617", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3627", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3067", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3044", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3031", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3060", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3081", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3598", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3038", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3051", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3625", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3086", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1521", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3671", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3652", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3670", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3612", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3628"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.8.3-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libwebkitgtk-3.0-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.8.3-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libwebkitgtk-1.0-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.8.3-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libjavascriptcoregtk-3.0-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.8.3-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libjavascriptcoregtk-1.0-0", "operator": "lt"}], "description": "A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.", "edition": 3, "reporter": "Ubuntu", "published": "2012-10-25T00:00:00", "title": "WebKit vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-3670", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3081", "CVE-2011-3031", "CVE-2012-3626", "CVE-2011-3059", "CVE-2012-1521", "CVE-2012-3674", "CVE-2012-3671", "CVE-2012-3625", "CVE-2012-3611", "CVE-2012-3669", "CVE-2011-3060", "CVE-2012-3652", "CVE-2012-3598", "CVE-2012-3645", "CVE-2011-3038", "CVE-2011-3053", "CVE-2012-3628", "CVE-2011-3076", "CVE-2012-3612", "CVE-2011-3086", "CVE-2012-3617", "CVE-2011-3067", "CVE-2011-3042", "CVE-2011-3090", "CVE-2011-3051", "CVE-2012-3672", "CVE-2012-3627", "CVE-2011-3064", "CVE-2012-3604", "CVE-2012-3601", "CVE-2012-3657"], "modified": "2012-10-25T00:00:00", "id": "USN-1617-1", "href": "https://usn.ubuntu.com/1617-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:45", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2012-09-19-1 iOS 6\r\n\r\niOS 6 is now available and addresses the following:\r\n\r\nCFNetwork\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of malformed\r\nURLs. CFNetwork may send requests to an incorrect hostname, resulting\r\nin the disclosure of sensitive information. This issue was addressed\r\nthrough improvements to URL handling.\r\nCVE-ID\r\nCVE-2012-3724 : Erling Ellingsen of Facebook\r\n\r\nCoreGraphics\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Multiple vulnerabilities in FreeType\r\nDescription: Multiple vulnerabilities existed in FreeType, the most\r\nserious of which may lead to arbitrary code execution when processing\r\na maliciously crafted font. These issues were addressed by updating\r\nFreeType to version 2.4.9. Further information is available via the\r\nFreeType site at http://www.freetype.org/\r\nCVE-ID\r\nCVE-2012-1126\r\nCVE-2012-1127\r\nCVE-2012-1128\r\nCVE-2012-1129\r\nCVE-2012-1130\r\nCVE-2012-1131\r\nCVE-2012-1132\r\nCVE-2012-1133\r\nCVE-2012-1134\r\nCVE-2012-1135\r\nCVE-2012-1136\r\nCVE-2012-1137\r\nCVE-2012-1138\r\nCVE-2012-1139\r\nCVE-2012-1140\r\nCVE-2012-1141\r\nCVE-2012-1142\r\nCVE-2012-1143\r\nCVE-2012-1144\r\n\r\nCoreMedia\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An uninitialized memory access existed in the handling\r\nof Sorenson encoded movie files. This issue was addressed through\r\nimproved memory initialization.\r\nCVE-ID\r\nCVE-2012-3722 : Will Dormann of the CERT/CC\r\n\r\nDHCP\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may broadcast\r\nMAC addresses of previously accessed networks per the DNAv4 protocol.\r\nThis issue was addressed by disabling DNAv4 on unencrypted Wi-Fi\r\nnetworks.\r\nCVE-ID\r\nCVE-2012-3725 : Mark Wuergler of Immunity, Inc.\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff's handling of\r\nThunderScan encoded TIFF images. This issue was addressed by updating\r\nlibtiff to version 3.9.5.\r\nCVE-ID\r\nCVE-2011-1167\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted PNG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in libpng's\r\nhandling of PNG images. These issues were addressed through improved\r\nvalidation of PNG images.\r\nCVE-ID\r\nCVE-2011-3026 : Juri Aedla\r\nCVE-2011-3048\r\nCVE-2011-3328\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted JPEG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A double free issue existed in ImageIO's handling of\r\nJPEG images. This issue was addressed through improved memory\r\nmanagement.\r\nCVE-ID\r\nCVE-2012-3726 : Phil of PKJE Consulting\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in libTIFF's handling\r\nof TIFF images. This issue was addressed through improved validation\r\nof TIFF images.\r\nCVE-ID\r\nCVE-2012-1173 : Alexander Gavrun working with HP's Zero Day\r\nInitiative\r\n\r\nInternational Components for Unicode\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Applications that use ICU may be vulnerable to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A stack buffer overflow existed in the handling of ICU\r\nlocale IDs. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2011-4599\r\n\r\nIPSec\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Loading a maliciously crafted racoon configuration file may\r\nlead to arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of racoon\r\nconfiguration files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2012-3727 : iOS Jailbreak Dream Team\r\n\r\nKernel\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: An invalid pointer dereference issue existed in the\r\nkernel's handling of packet filter ioctls. This may allow an attacker\r\nto alter kernel memory. This issue was addressed through improved\r\nerror handling.\r\nCVE-ID\r\nCVE-2012-3728 : iOS Jailbreak Dream Team\r\n\r\nKernel\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An uninitialized memory access issue existed in the\r\nBerkeley Packet Filter interpreter, which led to the disclosure of\r\nmemory content. This issue was addressed through improved memory\r\ninitialization.\r\nCVE-ID\r\nCVE-2012-3729 : Dan Rosenberg\r\n\r\nlibxml\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted web page may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in libxml, the most\r\nserious of which may lead to an unexpected application termination or\r\narbitrary code execution. These issues were addressed by applying the\r\nrelevant upstream patches.\r\nCVE-ID\r\nCVE-2011-1944 : Chris Evans of Google Chrome Security Team\r\nCVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of\r\nChinese Academy of Sciences\r\nCVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of\r\nChinese Academy of Sciences\r\nCVE-2011-3919 : Juri Aedla\r\n\r\nMail\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Mail may present the wrong attachment in a message\r\nDescription: A logic issue existed in Mail's handling of\r\nattachments. If a subsequent mail attachment used the same Content-ID\r\nas a previous one, the previous attachment would be displayed, even\r\nin the case where the 2 mails originated from different senders. This\r\ncould facilitate some spoofing or phishing attacks. This issue was\r\naddressed through improved handling of attachments.\r\nCVE-ID\r\nCVE-2012-3730 : Angelo Prado of the salesforce.com Product Security\r\nTeam\r\n\r\nMail\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Email attachments may be read without user's passcode\r\nDescription: A logic issue existed in Mail's use of Data Protection\r\non email attachments. This issue was addressed by properly setting\r\nthe Data Protection class for email attachments.\r\nCVE-ID\r\nCVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich\r\nStuntebeck of AirWatch\r\n\r\nMail\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: An attacker may spoof the sender of a S/MIME signed message\r\nDescription: S/MIME signed messages displayed the untrusted 'From'\r\naddress, instead of the name associated with the message signer's\r\nidentity. This issue was addressed by displaying the address\r\nassociated with the message signer's identity when it is available.\r\nCVE-ID\r\nCVE-2012-3732 : An anonymous researcher\r\n\r\nMessages\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A user may unintentionally disclose the existence of their\r\nemail addresses\r\nDescription: When a user had multiple email addresses associated\r\nwith iMessage, replying to a message may have resulted in the reply\r\nbeing sent from a different email address. This may disclose another\r\nemail address associated to the user's account. This issue was\r\naddressed by always replying from the email address the original\r\nmessage was sent to.\r\nCVE-ID\r\nCVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC\r\n\r\nOffice Viewer\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Unencrypted document data may be written to a temporary file\r\nDescription: An information disclosure issue existed in the support\r\nfor viewing Microsoft Office files. When viewing a document, the\r\nOffice Viewer would write a temporary file containing data from the\r\nviewed document to the temporary directory of the invoking process.\r\nFor an application that uses data protection or other encryption to\r\nprotect the user's files, this could lead to information\r\ndisclosure. This issue was addressed by avoiding creation of\r\ntemporary files when viewing Office documents.\r\nCVE-ID\r\nCVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies\r\n\r\nOpenGL\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Applications that use OS X's OpenGL implementation may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of GLSL compilation. These issues were addressed through\r\nimproved validation of GLSL shaders.\r\nCVE-ID\r\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\r\nMarc Schoenefeld of the Red Hat Security Response Team\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device could briefly\r\nview the last used third-party app on a locked device\r\nDescription: A logic issue existed with the display of the "Slide to\r\nPower Off" slider on the lock screen. This issue was addressed\r\nthrough improved lock state management.\r\nCVE-ID\r\nCVE-2012-3735 : Chris Lawrence DBB\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nbypass the screen lock\r\nDescription: A logic issue existed in the termination of FaceTime\r\ncalls from the lock screen. This issue was addressed through improved\r\nlock state management.\r\nCVE-ID\r\nCVE-2012-3736 : Ian Vitek of 2Secure AB\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: All photos may be accessible at the lock screen\r\nDescription: A design issue existed in the support for viewing\r\nphotos that were taken at the lock screen. In order to determine\r\nwhich photos to permit access to, the passcode lock consulted the\r\ntime at which the device was locked and compared it to the time that\r\na photo was taken. By spoofing the current time, an attacker could\r\ngain access to photos that were taken before the device was locked.\r\nThis issues was addressed by explicitly keeping track of the photos\r\nthat were taken while the device was locked.\r\nCVE-ID\r\nCVE-2012-3737 : Ade Barkah of BlueWax Inc.\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to a locked device may perform\r\nFaceTime calls\r\nDescription: A logic issue existed in the Emergency Dialer screen,\r\nwhich permitted FaceTime calls via Voice Dialing on the locked\r\ndevice. This could also disclose the user's contacts via contact\r\nsuggestions. This issue was addressed by disabling Voice Dialing on\r\nthe Emergency Dialer screen.\r\nCVE-ID\r\nCVE-2012-3738 : Ade Barkah of BlueWax Inc.\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nbypass the screen lock\r\nDescription: Using the camera from the screen lock could in some\r\ncases interfere with automatic lock functionality, allowing a person\r\nwith physical access to the device to bypass the Passcode Lock\r\nscreen. This issue was addressed through improved lock state\r\nmanagement.\r\nCVE-ID\r\nCVE-2012-3739 : Sebastian Spanninger of the Austrian Federal\r\nComputing Centre (BRZ)\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nbypass the screen lock\r\nDescription: A state management issue existed in the handling of the\r\nscreen lock. This issue was addressed through improved lock state\r\nmanagement.\r\nCVE-ID\r\nCVE-2012-3740 : Ian Vitek of 2Secure AB\r\n\r\nRestrictions\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A user may be able to make purchases without entering Apple\r\nID credentials\r\nDescription: After disabling Restrictions, iOS may not ask for the\r\nuser's password during a transaction. This issue was addressed by\r\nadditional enforcement of purchase authorization.\r\nCVE-ID\r\nCVE-2012-3741 : Kevin Makens of Redwood High School\r\n\r\nSafari\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Websites may use characters with an appearance similar to\r\nthe lock icon in their titles\r\nDescription: Websites could use a Unicode character to create a lock\r\nicon in the page title. This icon was similar in appearance to the\r\nicon used to indicate a secure connection, and could have lead the\r\nuser to believe a secure connection had been established. This issue\r\nwas addressed by removing these characters from page titles.\r\nCVE-ID\r\nCVE-2012-3742 : Boku Kihara of Lepidum\r\n\r\nSafari\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Passwords may autocomplete even when the site specifies that\r\nautocomplete should be disabled\r\nDescription: Password input elements with the autocomplete attribute\r\nset to "off" were being autocompleted. This issue was addressed\r\nthrough improved handling of the autocomplete attribute.\r\nCVE-ID\r\nCVE-2012-0680 : Dan Poltawski of Moodle\r\n\r\nSystem Logs\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Sandboxed apps may obtain system log content\r\nDescription: Sandboxed apps had read access to /var/log directory,\r\nwhich may allow them to obtain sensitive information contained in\r\nsystem logs. This issue was addressed by denying sandboxed apps\r\naccess to the /var/log directory.\r\nCVE-ID\r\nCVE-2012-3743\r\n\r\nTelephony\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: An SMS message may appear to have been sent by an arbitrary\r\nuser\r\nDescription: Messages displayed the return address of an SMS message\r\nas the sender. Return addresses may be spoofed. This issue was\r\naddressed by always displaying the originating address instead of the\r\nreturn address.\r\nCVE-ID\r\nCVE-2012-3744 : pod2g\r\n\r\nTelephony\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: An SMS message may disrupt cellular connectivity\r\nDescription: An off-by-one buffer overflow existed in the handling\r\nof SMS user data headers. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2012-3745 : pod2g\r\n\r\nUIKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: An attacker that gains access to a device's filesystem may\r\nbe able to read files that were being displayed in a UIWebView\r\nDescription: Applications that use UIWebView may leave unencrypted\r\nfiles on the file system even when a passcode is enabled. This issue\r\nwas addressed through improved use of data protection.\r\nCVE-ID\r\nCVE-2012-3746 : Ben Smith of Box\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2011-3016 : miaubiz\r\nCVE-2011-3021 : Arthur Gerkis\r\nCVE-2011-3027 : miaubiz\r\nCVE-2011-3032 : Arthur Gerkis\r\nCVE-2011-3034 : Arthur Gerkis\r\nCVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur\r\nGerkis\r\nCVE-2011-3036 : miaubiz\r\nCVE-2011-3037 : miaubiz\r\nCVE-2011-3038 : miaubiz\r\nCVE-2011-3039 : miaubiz\r\nCVE-2011-3040 : miaubiz\r\nCVE-2011-3041 : miaubiz\r\nCVE-2011-3042 : miaubiz\r\nCVE-2011-3043 : miaubiz\r\nCVE-2011-3044 : Arthur Gerkis\r\nCVE-2011-3050 : miaubiz\r\nCVE-2011-3053 : miaubiz\r\nCVE-2011-3059 : Arthur Gerkis\r\nCVE-2011-3060 : miaubiz\r\nCVE-2011-3064 : Atte Kettunen of OUSPG\r\nCVE-2011-3068 : miaubiz\r\nCVE-2011-3069 : miaubiz\r\nCVE-2011-3071 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2011-3073 : Arthur Gerkis\r\nCVE-2011-3074 : Slawomir Blazek\r\nCVE-2011-3075 : miaubiz\r\nCVE-2011-3076 : miaubiz\r\nCVE-2011-3078 : Martin Barbella of the Google Chrome Security Team\r\nCVE-2011-3081 : miaubiz\r\nCVE-2011-3086 : Arthur Gerkis\r\nCVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz\r\nCVE-2011-3090 : Arthur Gerkis\r\nCVE-2011-3105 : miaubiz\r\nCVE-2011-3913 : Arthur Gerkis\r\nCVE-2011-3924 : Arthur Gerkis\r\nCVE-2011-3926 : Arthur Gerkis\r\nCVE-2011-3958 : miaubiz\r\nCVE-2011-3966 : Aki Helin of OUSPG\r\nCVE-2011-3968 : Arthur Gerkis\r\nCVE-2011-3969 : Arthur Gerkis\r\nCVE-2011-3971 : Arthur Gerkis\r\nCVE-2012-0682 : Apple Product Security\r\nCVE-2012-0683 : Dave Mandelin of Mozilla\r\nCVE-2012-1520 : Martin Barbella of the Google Chrome Security Team\r\nusing AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com\r\nworking with iDefense VCP\r\nCVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.\r\nVazquez of spa-s3c.blogspot.com working with iDefense VCP\r\nCVE-2012-2818 : miaubiz\r\nCVE-2012-3589 : Dave Mandelin of Mozilla\r\nCVE-2012-3590 : Apple Product Security\r\nCVE-2012-3591 : Apple Product Security\r\nCVE-2012-3592 : Apple Product Security\r\nCVE-2012-3593 : Apple Product Security\r\nCVE-2012-3594 : miaubiz\r\nCVE-2012-3595 : Martin Barbella of Google Chrome Security\r\nCVE-2012-3596 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3598 : Apple Product Security\r\nCVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3600 : David Levin of the Chromium development community\r\nCVE-2012-3601 : Martin Barbella of the Google Chrome Security Team\r\nusing AddressSanitizer\r\nCVE-2012-3602 : miaubiz\r\nCVE-2012-3603 : Apple Product Security\r\nCVE-2012-3604 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3605 : Cris Neckar of the Google Chrome Security team\r\nCVE-2012-3608 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3609 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3610 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3611 : Apple Product Security\r\nCVE-2012-3612 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3614 : Yong Li of Research In Motion, Inc.\r\nCVE-2012-3615 : Stephen Chenney of the Chromium development community\r\nCVE-2012-3617 : Apple Product Security\r\nCVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3624 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3625 : Skylined of Google Chrome Security Team\r\nCVE-2012-3626 : Apple Product Security\r\nCVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome\r\nSecurity team\r\nCVE-2012-3628 : Apple Product Security\r\nCVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3633 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3634 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3635 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3636 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3637 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3638 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3639 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3640 : miaubiz\r\nCVE-2012-3641 : Slawomir Blazek\r\nCVE-2012-3642 : miaubiz\r\nCVE-2012-3644 : miaubiz\r\nCVE-2012-3645 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3646 : Julien Chaffraix of the Chromium development\r\ncommunity, Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3647 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the\r\nGoogle Chrome Security Team\r\nCVE-2012-3652 : Martin Barbella of Google Chrome Security Team\r\nCVE-2012-3653 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3655 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3658 : Apple\r\nCVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya\r\n(Inferno) of the Google Chrome Security Team\r\nCVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3661 : Apple Product Security\r\nCVE-2012-3663 : Skylined of Google Chrome Security Team\r\nCVE-2012-3664 : Thomas Sepez of the Chromium development community\r\nCVE-2012-3665 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3666 : Apple\r\nCVE-2012-3667 : Trevor Squires of propaneapp.com\r\nCVE-2012-3668 : Apple Product Security\r\nCVE-2012-3669 : Apple Product Security\r\nCVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam, Arthur Gerkis\r\nCVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome\r\nSecurity Team\r\nCVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3674 : Skylined of Google Chrome Security Team\r\nCVE-2012-3676 : Julien Chaffraix of the Chromium development\r\ncommunity\r\nCVE-2012-3677 : Apple\r\nCVE-2012-3678 : Apple Product Security\r\nCVE-2012-3679 : Chris Leary of Mozilla\r\nCVE-2012-3680 : Skylined of Google Chrome Security Team\r\nCVE-2012-3681 : Apple\r\nCVE-2012-3682 : Adam Barth of the Google Chrome Security Team\r\nCVE-2012-3683 : wushi of team509 working with iDefense VCP\r\nCVE-2012-3684 : kuzzcc\r\nCVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)\r\nCVE-2012-3703 : Apple Product Security\r\nCVE-2012-3704 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3706 : Apple Product Security\r\nCVE-2012-3708 : Apple\r\nCVE-2012-3710 : James Robinson of Google\r\nCVE-2012-3747 : David Bloom of Cue\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\r\niPod touch (3rd generation) and later, iPad, iPad 2\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite disclosure of information\r\nDescription: A cross-origin issue existed in the handling of CSS\r\nproperty values. This issue was addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2012-3691 : Apple\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\r\niPod touch (3rd generation) and later, iPad, iPad 2\r\nImpact: A malicious website may be able to replace the contents of\r\nan iframe on another site\r\nDescription: A cross-origin issue existed in the handling of iframes\r\nin popup windows. This issue was addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-3067 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\r\niPod touch (3rd generation) and later, iPad, iPad 2\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite disclosure of information\r\nDescription: A cross-origin issue existed in the handling of iframes\r\nand fragment identifiers. This issue was addressed through improved\r\norigin tracking.\r\nCVE-ID\r\nCVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,\r\nand Dan Boneh of the Stanford University Security Laboratory\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Look-alike characters in a URL could be used to masquerade a\r\nwebsite\r\nDescription: The International Domain Name (IDN) support and Unicode\r\nfonts embedded in Safari could have been used to create a URL which\r\ncontains look-alike characters. These could have been used in a\r\nmalicious website to direct the user to a spoofed site that visually\r\nappears to be a legitimate domain. This issue was addressed by\r\nsupplementing WebKit's list of known look-alike characters. Look-\r\nalike characters are rendered in Punycode in the address bar.\r\nCVE-ID\r\nCVE-2012-3693 : Matt Cooley of Symantec\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A canonicalization issue existed in the handling of\r\nURLs. This may have led to cross-site scripting on sites which use\r\nthe location.href property. This issue was addressed through improved\r\ncanonicalization of URLs.\r\nCVE-ID\r\nCVE-2012-3695 : Masato Kinugawa\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to HTTP\r\nrequest splitting\r\nDescription: An HTTP header injection issue existed in the handling\r\nof WebSockets. This issue was addressed through improved WebSockets\r\nURI sanitization.\r\nCVE-ID\r\nCVE-2012-3696 : David Belcher of the BlackBerry Security Incident\r\nResponse Team\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A maliciously crafted website may be able to spoof the value\r\nin the URL bar\r\nDescription: A state management issue existed in the handling of\r\nsession history. Navigations to a fragment on the current page may\r\ncause Safari to display incorrect information in the URL bar. This\r\nissue was addressed through improved session state tracking.\r\nCVE-ID\r\nCVE-2011-2845 : Jordi Chancel\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of the disclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of SVG images. This issue was addressed through improved\r\nmemory initialization.\r\nCVE-ID\r\nCVE-2012-3650 : Apple\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update will be "6.0".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo\r\n3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5\r\nTZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0\r\n8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9\r\nn4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP\r\ndWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs\r\nJXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP\r\nid6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T\r\nxL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp\r\nRqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj\r\nbmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP\r\nXtT4lS60xKz63YSg79dd\r\n=LvMt\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2012-09-24T00:00:00", "title": "APPLE-SA-2012-09-19-1 iOS 6", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:45", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-3667", "CVE-2012-0682", "CVE-2012-3670", "CVE-2012-3722", "CVE-2012-3729", "CVE-2011-3039", "CVE-2012-3609", "CVE-2011-3043", "CVE-2012-3646", "CVE-2012-3724", "CVE-2012-3600", "CVE-2012-3610", "CVE-2012-3590", "CVE-2012-1140", "CVE-2012-3693", "CVE-2012-3731", "CVE-2011-3105", "CVE-2012-2815", "CVE-2011-3026", "CVE-2012-1131", "CVE-2012-3639", "CVE-2011-3044", "CVE-2011-3081", "CVE-2012-3637", "CVE-2011-3068", "CVE-2012-3641", "CVE-2012-3746", "CVE-2011-3968", "CVE-2012-1136", "CVE-2012-3703", "CVE-2012-3736", "CVE-2011-2845", "CVE-2012-3738", "CVE-2012-3626", "CVE-2012-3704", "CVE-2012-3603", "CVE-2012-3743", "CVE-2012-3663", "CVE-2012-1138", "CVE-2011-4599", "CVE-2012-3668", "CVE-2012-1127", "CVE-2012-3660", "CVE-2012-3678", "CVE-2012-1520", "CVE-2011-3059", "CVE-2011-3071", "CVE-2012-3635", "CVE-2012-3644", "CVE-2012-1521", "CVE-2012-3676", "CVE-2012-3674", "CVE-2012-3593", "CVE-2011-3075", "CVE-2012-1126", "CVE-2012-3671", "CVE-2011-3457", "CVE-2012-3602", "CVE-2012-3625", "CVE-2012-3611", "CVE-2012-3659", "CVE-2011-3958", "CVE-2012-3596", "CVE-2012-3669", "CVE-2012-3655", "CVE-2012-3634", "CVE-2011-3969", "CVE-2012-3706", "CVE-2012-3658", "CVE-2012-0683", "CVE-2012-0680", "CVE-2012-3684", "CVE-2011-3060", "CVE-2012-1141", "CVE-2012-3727", "CVE-2012-3652", "CVE-2012-3651", "CVE-2011-3971", "CVE-2011-3919", "CVE-2012-1130", "CVE-2012-3665", "CVE-2011-3021", "CVE-2012-3733", "CVE-2012-3664", "CVE-2012-1135", "CVE-2011-3069", "CVE-2012-1144", "CVE-2012-3744", "CVE-2012-3656", "CVE-2012-3666", "CVE-2012-3598", "CVE-2012-3710", "CVE-2012-3645", "CVE-2012-3741", "CVE-2011-1167", "CVE-2012-1133", "CVE-2011-3074", "CVE-2012-3661", "CVE-2012-3726", "CVE-2011-3038", "CVE-2011-3035", "CVE-2012-3708", "CVE-2012-1134", "CVE-2012-3673", "CVE-2011-3053", "CVE-2012-3725", "CVE-2012-3681", "CVE-2012-3642", "CVE-2012-3653", "CVE-2012-3734", "CVE-2012-3682", "CVE-2012-3686", "CVE-2012-1139", "CVE-2011-3036", "CVE-2011-3050", "CVE-2012-3638", "CVE-2012-3633", "CVE-2012-3747", "CVE-2012-2818", "CVE-2011-3328", "CVE-2012-3618", "CVE-2012-3594", "CVE-2011-3078", "CVE-2012-3745", "CVE-2011-2834", "CVE-2012-3628", "CVE-2012-3740", "CVE-2011-3926", "CVE-2011-3073", "CVE-2012-3680", "CVE-2011-3076", "CVE-2012-3614", "CVE-2012-3612", "CVE-2012-3696", "CVE-2012-3605", "CVE-2012-3647", "CVE-2012-3648", "CVE-2011-3086", "CVE-2012-1132", "CVE-2012-3737", "CVE-2012-3617", "CVE-2011-3041", "CVE-2012-3613", "CVE-2011-3048", "CVE-2012-3589", "CVE-2011-3966", "CVE-2011-3034", "CVE-2012-3620", "CVE-2012-3679", "CVE-2012-3728", "CVE-2011-3067", "CVE-2012-3677", "CVE-2011-3924", "CVE-2012-3595", "CVE-2011-3042", "CVE-2011-3016", "CVE-2012-1142", "CVE-2012-3630", "CVE-2012-3735", "CVE-2011-3090", "CVE-2012-3683", "CVE-2012-3732", "CVE-2012-3691", "CVE-2012-3650", "CVE-2012-3640", "CVE-2012-3636", "CVE-2012-3599", "CVE-2012-1128", "CVE-2012-3624", "CVE-2012-1173", "CVE-2012-3629", "CVE-2011-3032", "CVE-2012-3672", "CVE-2012-3592", "CVE-2011-3037", "CVE-2011-2821", "CVE-2012-3627", "CVE-2011-1944", "CVE-2012-3615", "CVE-2012-3695", "CVE-2012-3742", "CVE-2011-3913", "CVE-2012-1129", "CVE-2012-3591", "CVE-2012-3608", "CVE-2011-3064", "CVE-2011-3027", "CVE-2012-3604", "CVE-2012-3730", "CVE-2012-3601", "CVE-2012-1143", "CVE-2011-3040", "CVE-2012-3739", "CVE-2012-3631", "CVE-2012-3597", "CVE-2011-3089", "CVE-2012-1137"], "modified": "2012-09-24T00:00:00", "id": "SECURITYVULNS:DOC:28576", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28576", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
