7.9 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.027 Low
EPSS
Percentile
90.2%
The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an “off-by-three” error.
secunia.com/advisories/44141
www.mozilla.org/security/announce/2011/mfsa2011-17.html
www.securityfocus.com/bid/47377
www.securitytracker.com/id?1025377
www.vupen.com/english/advisories/2011/1006
bugzilla.mozilla.org/show_bug.cgi?id=623791
code.google.com/p/angleproject/source/detail?r=611
code.google.com/p/chromium/issues/detail?id=70070
exchange.xforce.ibmcloud.com/vulnerabilities/66766
googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14466