Lucene search
HistoryAug 06, 2012 - 3:55 p.m.
CVE-2012-2848
cve-2012-2848
google chrome
drag-and-drop
security
mac os x
linux
windows
chrome frame
file access restrictions
remote attackers
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.9%
The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site.
Affected configurations
Node
googlechromeRange≤21.0.1180.56
ORgooglechromeMatch21.0.1180.0
ORgooglechromeMatch21.0.1180.1
ORgooglechromeMatch21.0.1180.2
ORgooglechromeMatch21.0.1180.31
ORgooglechromeMatch21.0.1180.32
ORgooglechromeMatch21.0.1180.33
ORgooglechromeMatch21.0.1180.34
ORgooglechromeMatch21.0.1180.35
ORgooglechromeMatch21.0.1180.36
ORgooglechromeMatch21.0.1180.37
ORgooglechromeMatch21.0.1180.38
ORgooglechromeMatch21.0.1180.39
ORgooglechromeMatch21.0.1180.41
ORgooglechromeMatch21.0.1180.46
ORgooglechromeMatch21.0.1180.47
ORgooglechromeMatch21.0.1180.48
ORgooglechromeMatch21.0.1180.49
ORgooglechromeMatch21.0.1180.50
ORgooglechromeMatch21.0.1180.51
ORgooglechromeMatch21.0.1180.52
ORgooglechromeMatch21.0.1180.53
ORgooglechromeMatch21.0.1180.54
ORgooglechromeMatch21.0.1180.55
applemac_os_x
ORlinuxlinux_kernel
Node
googlechromeRange≤21.0.1180.59
ORgooglechromeMatch21.0.1180.0
ORgooglechromeMatch21.0.1180.1
ORgooglechromeMatch21.0.1180.2
ORgooglechromeMatch21.0.1180.31
ORgooglechromeMatch21.0.1180.32
ORgooglechromeMatch21.0.1180.33
ORgooglechromeMatch21.0.1180.34
ORgooglechromeMatch21.0.1180.35
ORgooglechromeMatch21.0.1180.36
ORgooglechromeMatch21.0.1180.37
ORgooglechromeMatch21.0.1180.38
ORgooglechromeMatch21.0.1180.39
ORgooglechromeMatch21.0.1180.41
ORgooglechromeMatch21.0.1180.46
ORgooglechromeMatch21.0.1180.47
ORgooglechromeMatch21.0.1180.48
ORgooglechromeMatch21.0.1180.49
ORgooglechromeMatch21.0.1180.50
ORgooglechromeMatch21.0.1180.51
ORgooglechromeMatch21.0.1180.52
ORgooglechromeMatch21.0.1180.53
ORgooglechromeMatch21.0.1180.54
ORgooglechromeMatch21.0.1180.55
ORgooglechromeMatch21.0.1180.56
ORgooglechromeMatch21.0.1180.57
googleframeMatch-
ORmicrosoftwindows
Related
cvelist
cvelist
CVE-2012-2848
2012-08-06 15:00:00
prion
prion
Design/Logic Flaw
2012-08-06 15:55:00
debiancve
debiancve
CVE-2012-2848
2012-08-06 15:55:00
ubuntucve
ubuntucve
CVE-2012-2848
2012-08-06 00:00:00
nvd
nvd
CVE-2012-2848
2012-08-06 15:55:01
openvas
openvas
Google Chrome Multiple Vulnerabilities (Aug 2012) - Windows
2012-08-08 00:00:00
Google Chrome Multiple Vulnerabilities - August 12 (Windows)
2012-08-08 00:00:00
Google Chrome Multiple Vulnerabilities - August 12 (Mac OS X)
2012-08-08 00:00:00
nessus
nessus
Google Chrome < 21.0.1180.60 Multiple Vulnerabilities
2012-08-01 00:00:00
Google Chrome < 21.0.1180.60 Multiple Vulnerabilities
2012-08-01 00:00:00
Google Chrome < 21.0.1180.60 Multiple Vulnerabilities
2012-08-01 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-07-31 00:00:00
chrome
chrome
Stable Channel Release
2012-07-31 00:00:00
threatpost
threatpost
Google Chrome 21 Fixes Six High-Risk Vulnerabilities
2012-07-31 21:15:08
gentoo
gentoo
Chromium: Multiple vulnerabilities
2012-08-14 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.9%
Related for CVE-2012-2848