Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2022 Tenable Network Security, Inc.GOOGLE_CHROME_1_0_154_65.NASL
HistoryMay 15, 2009 - 12:00 a.m.

Google Chrome < 1.0.154.65 WebKit SVGList Object Handling Memory Corruption

2009-05-1500:00:00
This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.
www.tenable.com
12
JSON

The version of Google Chrome installed on the remote host is earlier than 1.0.154.65. Such versions are reportedly affected by a memory corruption issue. An attacker could exploit this flaw in order to run arbitrary code inside the Google Chrome sandbox.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(38791);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2009-0945");
  script_bugtraq_id(34924);

  script_name(english:"Google Chrome < 1.0.154.65 WebKit SVGList Object Handling Memory Corruption");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by a remote
code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is earlier
than 1.0.154.65. Such versions are reportedly affected by a memory
corruption issue. An attacker could exploit this flaw in order to run
arbitrary code inside the Google Chrome sandbox.");
  # https://chromereleases.googleblog.com/2009/05/stable-update-bug-fix.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c9adf2dd");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome 1.0.154.65 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(94);

  script_set_attribute(attribute:"patch_publication_date", value:"2009/05/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

get_kb_item_or_exit("SMB/Google_Chrome/Installed");

installs = get_kb_list("SMB/Google_Chrome/*");
google_chrome_check_version(installs:installs, fix:'1.0.154.65', severity:SECURITY_WARNING);
VendorProductVersionCPE
googlechromecpe:/a:google:chrome

Related

cve 1
nessus 21
fedora 3
zdi 1
veracode 1
securityvulns 3
openvas 31
prion 1
ubuntucve 1
debiancve 1
chrome 1
altlinux 2
osv 3
centos 1
redhat 1
debian 4
ubuntu 4
cve
cve
CVE-2009-0945
2009-05-13 17:30:00
nessus
nessus
Fedora 11 : webkitgtk-1.1.8-1.fc11 (2009-6166)
2009-07-13 00:00:00
Scientific Linux Security Update : kdegraphics on SL5.x i386/x86_64
2012-08-01 00:00:00
Ubuntu 8.04 LTS : kdegraphics vulnerabilities (USN-823-1)
2013-03-09 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: webkitgtk-1.1.8-1.fc11
2009-07-11 17:06:37
[SECURITY] Fedora 11 Update: kdelibs-4.2.4-6.fc11
2009-07-28 18:23:23
[SECURITY] Fedora 10 Update: kdelibs-4.2.4-6.fc10
2009-07-28 18:26:55
zdi
zdi
Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
2009-05-13 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:39:14
securityvulns
securityvulns
ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
2009-05-20 00:00:00
Apple Mac OS X multiple security vulnerabilities
2009-05-29 00:00:00
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00
openvas
openvas
Fedora Core 11 FEDORA-2009-6166 (webkitgtk)
2009-07-29 00:00:00
Fedora Core 11 FEDORA-2009-6166 (webkitgtk)
2009-07-29 00:00:00
RedHat Security Advisory RHSA-2009:1130
2009-06-30 00:00:00
prion
prion
Memory corruption
2009-05-13 17:30:00
ubuntucve
ubuntucve
CVE-2009-0945
2009-05-13 00:00:00
debiancve
debiancve
CVE-2009-0945
2009-05-13 17:30:00
chrome
chrome
Stable Update: Bug fix
2009-05-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package kde4libs version 4.2.4-alt3
2009-06-29 00:00:00
Security fix for the ALT Linux 5 package kdegraphics version 3.5.10-alt4
2009-12-24 00:00:00
osv
osv
kdegraphics - several vulnerabilities
2009-08-19 00:00:00
qt4-x11 - several vulnerabilities
2010-02-02 00:00:00
webkit - several vulnerabilities
2009-12-12 00:00:00
centos
centos
kdegraphics security update
2009-06-26 14:06:51
redhat
redhat
(RHSA-2009:1130) Critical: kdegraphics security update
2009-06-25 00:00:00
debian
debian
[SECURITY] [DSA 1866-1] New kdegraphics packages fix several vulnerabilities
2009-08-19 12:33:15
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
2010-02-02 22:44:29
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
2010-02-02 22:44:05
ubuntu
ubuntu
KDE-Graphics vulnerabilities
2009-08-24 00:00:00
KDE-Libs vulnerabilities
2009-08-24 00:00:00
WebKit vulnerabilities
2009-09-23 00:00:00
JSON
Related for GOOGLE_CHROME_1_0_154_65.NASL
cve1nessus21fedora3zdi1veracode1securityvulns3openvas31prion1ubuntucve1debiancve1chrome1altlinux2osv3centos1redhat1debian4ubuntu4