{"id": "UB:CVE-2011-1196", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2011-1196", "description": "The OGG container implementation in Google Chrome before 10.0.648.127\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors that trigger an out-of-bounds\nwrite.\n\n#### Bugs\n\n * <http://code.google.com/p/chromium/issues/detail?id=71788>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | doesn't seem to affect 0.5.x\n", "published": "2011-03-10T00:00:00", "modified": "2011-03-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2011-1196", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1196", "https://ubuntu.com/security/notices/USN-1209-1", "https://ubuntu.com/security/notices/USN-1209-2", "https://nvd.nist.gov/vuln/detail/CVE-2011-1196", "https://launchpad.net/bugs/cve/CVE-2011-1196", "https://security-tracker.debian.org/tracker/CVE-2011-1196"], "cvelist": ["CVE-2011-1196"], "immutableFields": [], "lastseen": "2021-11-22T21:57:09", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-1196"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-1196"]}, {"type": "nessus", "idList": ["5812.PASL", "800960.PRM", "GOOGLE_CHROME_10_0_648_127.NASL", "UBUNTU_USN-1209-1.NASL", "UBUNTU_USN-1209-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801762", "OPENVAS:1361412562310801763", "OPENVAS:1361412562310840747", "OPENVAS:1361412562310840750", "OPENVAS:801762", "OPENVAS:801763", "OPENVAS:840747", "OPENVAS:840750"]}, {"type": "ubuntu", "idList": ["USN-1209-1", "USN-1209-2"]}], "rev": 4}, "score": {"value": 7.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2011-1196"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-1196"]}, {"type": "nessus", "idList": ["5812.PASL"]}, {"type": "openvas", "idList": ["OPENVAS:881444"]}, {"type": "ubuntu", "idList": ["USN-1209-2"]}]}, "exploitation": null, "vulnersScore": 7.1}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "10.0.648.127", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "chromium-browser"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "ffmpeg"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "ffmpeg-extra"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "libav"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "libav-extra"}], "bugs": ["http://code.google.com/p/chromium/issues/detail?id=71788"], "_state": {"dependencies": 1647589307, "score": 0}}

{"cve": [{"lastseen": "2022-03-23T11:49:19", "description": "The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.", "cvss3": {}, "published": "2011-03-11T02:01:00", "type": "cve", "title": "CVE-2011-1196", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1196"], "modified": "2020-06-03T18:44:00", "cpe": [], "id": "CVE-2011-1196", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1196", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "debiancve": [{"lastseen": "2022-04-24T07:37:21", "description": "The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.", "cvss3": {}, "published": "2011-03-11T02:01:00", "type": "debiancve", "title": "CVE-2011-1196", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1196"], "modified": "2011-03-11T02:01:00", "id": "DEBIANCVE:CVE-2011-1196", "href": "https://security-tracker.debian.org/tracker/CVE-2011-1196", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T13:10:52", "description": "It was discovered that Libav incorrectly handled certain malformed ogg \nfiles. If a user were tricked into opening a crafted ogg file, an attacker \ncould cause a denial of service via application crash, or possibly execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2011-1196)\n\nIt was discovered that Libav incorrectly handled certain malformed AMV \nfiles. If a user were tricked into opening a crafted AMV file, an attacker \ncould cause a denial of service via application crash, or possibly execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2011-1931)\n\nEmmanouel Kellinis discovered that Libav incorrectly handled certain \nmalformed CAVS files. If a user were tricked into opening a crafted CAVS \nfile, an attacker could cause a denial of service via application crash, or \npossibly execute arbitrary code with the privileges of the user invoking \nthe program. (CVE-2011-3362)\n", "cvss3": {}, "published": "2011-09-19T00:00:00", "type": "ubuntu", "title": "Libav vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3362", "CVE-2011-1931", "CVE-2011-1196"], "modified": "2011-09-19T00:00:00", "id": "USN-1209-2", "href": "https://ubuntu.com/security/notices/USN-1209-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T13:10:53", "description": "It was discovered that FFmpeg incorrectly handled certain malformed ogg \nfiles. If a user were tricked into opening a crafted ogg file, an attacker \ncould cause a denial of service via application crash, or possibly execute \narbitrary code with the privileges of the user invoking the program. This \nissue only affected Ubuntu 10.10. (CVE-2011-1196)\n\nIt was discovered that FFmpeg incorrectly handled certain malformed AMV \nfiles. If a user were tricked into opening a crafted AMV file, an attacker \ncould cause a denial of service via application crash, or possibly execute \narbitrary code with the privileges of the user invoking the program. This \nissue only affected Ubuntu 10.10. (CVE-2011-1931)\n\nIt was discovered that FFmpeg incorrectly handled certain malformed APE \nfiles. If a user were tricked into opening a crafted APE file, an attacker \ncould cause a denial of service via application crash. (CVE-2011-2161)\n\nEmmanouel Kellinis discovered that FFmpeg incorrectly handled certain \nmalformed CAVS files. If a user were tricked into opening a crafted CAVS \nfile, an attacker could cause a denial of service via application crash, or \npossibly execute arbitrary code with the privileges of the user invoking \nthe program. (CVE-2011-3362)\n", "cvss3": {}, "published": "2011-09-19T00:00:00", "type": "ubuntu", "title": "FFmpeg vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2161", "CVE-2011-3362", "CVE-2011-1931", "CVE-2011-1196"], "modified": "2011-09-19T00:00:00", "id": "USN-1209-1", "href": "https://ubuntu.com/security/notices/USN-1209-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-12-04T11:26:36", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1209-2", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for libav USN-1209-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1931", "CVE-2011-1196", "CVE-2011-3362"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840747", "href": "http://plugins.openvas.org/nasl.php?oid=840747", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1209_2.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for libav USN-1209-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Libav incorrectly handled certain malformed ogg\n files. If a user were tricked into opening a crafted ogg file, an attacker\n could cause a denial of service via application crash, or possibly execute\n arbitrary code with the privileges of the user invoking the program.\n (CVE-2011-1196)\n\n It was discovered that Libav incorrectly handled certain malformed AMV\n files. If a user were tricked into opening a crafted AMV file, an attacker\n could cause a denial of service via application crash, or possibly execute\n arbitrary code with the privileges of the user invoking the program.\n (CVE-2011-1931)\n \n Emmanouel Kellinis discovered that Libav incorrectly handled certain\n malformed CAVS files. If a user were tricked into opening a crafted CAVS\n file, an attacker could cause a denial of service via application crash, or\n possibly execute arbitrary code with the privileges of the user invoking\n the program. (CVE-2011-3362)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1209-2\";\ntag_affected = \"libav on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1209-2/\");\n script_id(840747);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1209-2\");\n script_cve_id(\"CVE-2011-1196\", \"CVE-2011-1931\", \"CVE-2011-3362\");\n script_name(\"Ubuntu Update for libav USN-1209-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"4:0.6.2-1ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"4:0.6.2-1ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:58", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1209-2", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for libav USN-1209-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1931", "CVE-2011-1196", "CVE-2011-3362"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840747", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1209_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for libav USN-1209-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1209-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840747\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1209-2\");\n script_cve_id(\"CVE-2011-1196\", \"CVE-2011-1931\", \"CVE-2011-3362\");\n script_name(\"Ubuntu Update for libav USN-1209-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1209-2\");\n script_tag(name:\"affected\", value:\"libav on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Libav incorrectly handled certain malformed ogg\n files. If a user were tricked into opening a crafted ogg file, an attacker\n could cause a denial of service via application crash, or possibly execute\n arbitrary code with the privileges of the user invoking the program.\n (CVE-2011-1196)\n\n It was discovered that Libav incorrectly handled certain malformed AMV\n files. If a user were tricked into opening a crafted AMV file, an attacker\n could cause a denial of service via application crash, or possibly execute\n arbitrary code with the privileges of the user invoking the program.\n (CVE-2011-1931)\n\n Emmanouel Kellinis discovered that Libav incorrectly handled certain\n malformed CAVS files. If a user were tricked into opening a crafted CAVS\n file, an attacker could cause a denial of service via application crash, or\n possibly execute arbitrary code with the privileges of the user invoking\n the program. (CVE-2011-3362)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"4:0.6.2-1ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"4:0.6.2-1ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:26:36", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1209-1", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for ffmpeg USN-1209-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2161", "CVE-2011-1931", "CVE-2011-1196", "CVE-2011-3362"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840750", "href": "http://plugins.openvas.org/nasl.php?oid=840750", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1209_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for ffmpeg USN-1209-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that FFmpeg incorrectly handled certain malformed ogg\n files. If a user were tricked into opening a crafted ogg file, an attacker\n could cause a denial of service via application crash, or possibly execute\n arbitrary code with the privileges of the user invoking the program. This\n issue only affected Ubuntu 10.10. (CVE-2011-1196)\n\n It was discovered that FFmpeg incorrectly handled certain malformed AMV\n files. If a user were tricked into opening a crafted AMV file, an attacker\n could cause a denial of service via application crash, or possibly execute\n arbitrary code with the privileges of the user invoking the program. This\n issue only affected Ubuntu 10.10. (CVE-2011-1931)\n \n It was discovered that FFmpeg incorrectly handled certain malformed APE\n files. If a user were tricked into opening a crafted APE file, an attacker\n could cause a denial of service via application crash. (CVE-2011-2161)\n \n Emmanouel Kellinis discovered that FFmpeg incorrectly handled certain\n malformed CAVS files. If a user were tricked into opening a crafted CAVS\n file, an attacker could cause a denial of service via application crash, or\n possibly execute arbitrary code with the privileges of the user invoking\n the program. (CVE-2011-3362)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1209-1\";\ntag_affected = \"ffmpeg on Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1209-1/\");\n script_id(840750);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1209-1\");\n script_cve_id(\"CVE-2011-1196\", \"CVE-2011-1931\", \"CVE-2011-2161\", \"CVE-2011-3362\");\n script_name(\"Ubuntu Update for ffmpeg USN-1209-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"4:0.5.1-1ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"4:0.5.1-1ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"4:0.6-2ubuntu6.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"4:0.6-2ubuntu6.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:36", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1209-1", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for ffmpeg USN-1209-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2161", "CVE-2011-1931", "CVE-2011-1196", "CVE-2011-3362"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840750", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840750", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1209_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for ffmpeg USN-1209-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1209-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840750\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1209-1\");\n script_cve_id(\"CVE-2011-1196\", \"CVE-2011-1931\", \"CVE-2011-2161\", \"CVE-2011-3362\");\n script_name(\"Ubuntu Update for ffmpeg USN-1209-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|10\\.10)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1209-1\");\n script_tag(name:\"affected\", value:\"ffmpeg on Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that FFmpeg incorrectly handled certain malformed ogg\n files. If a user were tricked into opening a crafted ogg file, an attacker\n could cause a denial of service via application crash, or possibly execute\n arbitrary code with the privileges of the user invoking the program. This\n issue only affected Ubuntu 10.10. (CVE-2011-1196)\n\n It was discovered that FFmpeg incorrectly handled certain malformed AMV\n files. If a user were tricked into opening a crafted AMV file, an attacker\n could cause a denial of service via application crash, or possibly execute\n arbitrary code with the privileges of the user invoking the program. This\n issue only affected Ubuntu 10.10. (CVE-2011-1931)\n\n It was discovered that FFmpeg incorrectly handled certain malformed APE\n files. If a user were tricked into opening a crafted APE file, an attacker\n could cause a denial of service via application crash. (CVE-2011-2161)\n\n Emmanouel Kellinis discovered that FFmpeg incorrectly handled certain\n malformed CAVS files. If a user were tricked into opening a crafted CAVS\n file, an attacker could cause a denial of service via application crash, or\n possibly execute arbitrary code with the privileges of the user invoking\n the program. (CVE-2011-3362)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"4:0.5.1-1ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"4:0.5.1-1ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"4:0.6-2ubuntu6.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"4:0.6-2ubuntu6.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-09-05T11:22:29", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-03-16T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - March 11(Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1202", "CVE-2011-1197", "CVE-2011-1286", "CVE-2011-1204", "CVE-2011-1194", "CVE-2011-1199", "CVE-2011-1195", "CVE-2011-1191", "CVE-2011-1201", "CVE-2011-1203", "CVE-2011-1190", "CVE-2011-1196", "CVE-2011-1285", "CVE-2011-1185", "CVE-2011-1198", "CVE-2011-1189", "CVE-2011-1187", "CVE-2011-1193", "CVE-2011-1188", "CVE-2011-1200"], "modified": "2017-09-04T00:00:00", "id": "OPENVAS:801763", "href": "http://plugins.openvas.org/nasl.php?oid=801763", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_dos_vuln_mar11_win.nasl 7052 2017-09-04 11:50:51Z teissa $\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - March 11(Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause denial-of-service.\n Impact Level: Application\";\ntag_affected = \"Google Chrome version prior to 10.0.648.127 on Windows\";\ntag_insight = \"The flaws are due to\n - Not preventing 'navigation' and 'close' operations on the top location of a\n sandboxed frame.\n - Cross-origin error message leak.\n - Error in performing 'box layout'.\n - Memory corruption error in 'counter nodes'.\n - Error in 'Web Workers' implementation which allows remote attackers to\n bypass the Same Origin Policy via unspecified vectors, related to an error\n message leak.\n - Use-after-free vulnerability in 'DOM URL' handling.\n - Error in 'Google V8', which allows remote attackers to bypass the Same\n Origin Policy via unspecified vectors.\n - Use-after-free vulnerability in document script lifetime handling.\n - Error in performing 'table painting'.\n - Error in 'OGG' container implementation.\n - Use of corrupt out-of-bounds structure in video code.\n - Error in handling DataView objects.\n - Bad cast in text rendering.\n - Error in context implementation in WebKit.\n - Unspecified vulnerability in the 'XSLT' implementation.\n - Not properly handling 'SVG' cursors.\n - 'DOM' tree corruption with attribute handling.\n - Corruption via re-entrancy of RegExp code.\";\ntag_solution = \"Upgrade to the Google Chrome 10.0.648.127 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(801763);\n script_version(\"$Revision: 7052 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-04 13:50:51 +0200 (Mon, 04 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-16 15:16:52 +0100 (Wed, 16 Mar 2011)\");\n script_cve_id(\"CVE-2011-1185\", \"CVE-2011-1187\", \"CVE-2011-1188\", \"CVE-2011-1189\",\n \"CVE-2011-1190\", \"CVE-2011-1191\", \"CVE-2011-1193\", \"CVE-2011-1194\",\n \"CVE-2011-1195\", \"CVE-2011-1196\", \"CVE-2011-1197\", \"CVE-2011-1198\",\n \"CVE-2011-1199\", \"CVE-2011-1200\", \"CVE-2011-1201\", \"CVE-2011-1202\",\n \"CVE-2011-1203\", \"CVE-2011-1204\", \"CVE-2011-1285\", \"CVE-2011-1286\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome Multiple Vulnerabilities - March 11(Windows)\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_require_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 10.0.648.127.\nif(version_is_less(version:chromeVer, test_version:\"10.0.648.127\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-27T19:22:24", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-03-16T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - March 11(Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1202", "CVE-2011-1197", "CVE-2011-1286", "CVE-2011-1204", "CVE-2011-1194", "CVE-2011-1199", "CVE-2011-1195", "CVE-2011-1191", "CVE-2011-1201", "CVE-2011-1203", "CVE-2011-1190", "CVE-2011-1196", "CVE-2011-1285", "CVE-2011-1185", "CVE-2011-1198", "CVE-2011-1189", "CVE-2011-1187", "CVE-2011-1193", "CVE-2011-1188", "CVE-2011-1200"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310801763", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801763", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - March 11(Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801763\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-03-16 15:16:52 +0100 (Wed, 16 Mar 2011)\");\n script_cve_id(\"CVE-2011-1185\", \"CVE-2011-1187\", \"CVE-2011-1188\", \"CVE-2011-1189\",\n \"CVE-2011-1190\", \"CVE-2011-1191\", \"CVE-2011-1193\", \"CVE-2011-1194\",\n \"CVE-2011-1195\", \"CVE-2011-1196\", \"CVE-2011-1197\", \"CVE-2011-1198\",\n \"CVE-2011-1199\", \"CVE-2011-1200\", \"CVE-2011-1201\", \"CVE-2011-1202\",\n \"CVE-2011-1203\", \"CVE-2011-1204\", \"CVE-2011-1285\", \"CVE-2011-1286\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome Multiple Vulnerabilities - March 11(Windows)\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html\");\n\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause denial-of-service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 10.0.648.127 on Windows\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - Not preventing 'navigation' and 'close' operations on the top location of a\n sandboxed frame.\n\n - Cross-origin error message leak.\n\n - Error in performing 'box layout'.\n\n - Memory corruption error in 'counter nodes'.\n\n - Error in 'Web Workers' implementation which allows remote attackers to\n bypass the Same Origin Policy via unspecified vectors, related to an error\n message leak.\n\n - Use-after-free vulnerability in 'DOM URL' handling.\n\n - Error in 'Google V8', which allows remote attackers to bypass the Same\n Origin Policy via unspecified vectors.\n\n - Use-after-free vulnerability in document script lifetime handling.\n\n - Error in performing 'table painting'.\n\n - Error in 'OGG' container implementation.\n\n - Use of corrupt out-of-bounds structure in video code.\n\n - Error in handling DataView objects.\n\n - Bad cast in text rendering.\n\n - Error in context implementation in WebKit.\n\n - Unspecified vulnerability in the 'XSLT' implementation.\n\n - Not properly handling 'SVG' cursors.\n\n - 'DOM' tree corruption with attribute handling.\n\n - Corruption via re-entrancy of RegExp code.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 10.0.648.127 or later.\");\n script_tag(name:\"summary\", value:\"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"10.0.648.127\")){\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"10.0.648.127\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-09-04T14:19:51", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-03-16T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - March 11(Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1413", "CVE-2011-1202", "CVE-2011-1186", "CVE-2011-1192", "CVE-2011-1197", "CVE-2011-1286", "CVE-2011-1204", "CVE-2011-1194", "CVE-2011-1199", "CVE-2011-1195", "CVE-2011-1191", "CVE-2011-1201", "CVE-2011-1203", "CVE-2011-1190", "CVE-2011-1196", "CVE-2011-1285", "CVE-2011-1185", "CVE-2011-1198", "CVE-2011-1189", "CVE-2011-1187", "CVE-2011-1193", "CVE-2011-1188", "CVE-2011-1200"], "modified": "2017-08-25T00:00:00", "id": "OPENVAS:801762", "href": "http://plugins.openvas.org/nasl.php?oid=801762", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_dos_vuln_mar11_lin.nasl 7006 2017-08-25 11:51:20Z teissa $\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - March 11(Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause denial-of-service.\n Impact Level: Application\";\ntag_affected = \"Google Chrome version prior to 10.0.648.127 on Linux.\";\ntag_insight = \"The flaws are due to\n - Not preventing 'navigation' and 'close' operations on the top location of a\n sandboxed frame.\n - Error in handling parallel execution of calls to the 'print' method.\n - Cross-origin error message leak.\n - Error in performing 'box layout'.\n - Memory corruption error in 'counter nodes'.\n - Error in 'Web Workers' implementation allows which remote attackers to\n bypass the Same Origin Policy via unspecified vectors, related to an error\n message leak.\n - Use-after-free vulnerability in 'DOM URL' handling.\n - Out of bounds read handling unicode ranges.\n - Error in 'Google V8', allows remote attackers to bypass the Same Origin\n Policy via unspecified vectors.\n - Use-after-free vulnerability in document script lifetime handling.\n - Error in performing 'table painting'.\n - Error in 'OGG' container implementation.\n - Use of corrupt out-of-bounds structure in video code.\n - Error in handling DataView objects.\n - Bad cast in text rendering.\n - Error in context implementation in WebKit.\n - Unspecified vulnerability in the 'XSLT' implementation.\n - Not properly handling 'SVG' cursors.\n - 'DOM' tree corruption with attribute handling.\n - Corruption via re-entrancy of RegExp code.\n - Not properly mitigate an unspecified flaw in an X server.\";\ntag_solution = \"Upgrade to the Google Chrome 10.0.648.127 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(801762);\n script_version(\"$Revision: 7006 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-25 13:51:20 +0200 (Fri, 25 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-16 15:16:52 +0100 (Wed, 16 Mar 2011)\");\n script_cve_id(\"CVE-2011-1185\", \"CVE-2011-1186\", \"CVE-2011-1187\", \"CVE-2011-1188\",\n \"CVE-2011-1189\", \"CVE-2011-1190\", \"CVE-2011-1191\", \"CVE-2011-1192\",\n \"CVE-2011-1193\", \"CVE-2011-1194\", \"CVE-2011-1195\", \"CVE-2011-1196\",\n \"CVE-2011-1197\", \"CVE-2011-1198\", \"CVE-2011-1199\", \"CVE-2011-1200\",\n \"CVE-2011-1201\", \"CVE-2011-1202\", \"CVE-2011-1203\", \"CVE-2011-1204\",\n \"CVE-2011-1285\", \"CVE-2011-1286\", \"CVE-2011-1413\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome Multiple Vulnerabilities - March 11(Linux)\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_require_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 10.0.648.127.\nif(version_is_less(version:chromeVer, test_version:\"10.0.648.127\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-27T19:22:58", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-03-16T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - March 11(Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1413", "CVE-2011-1202", "CVE-2011-1186", "CVE-2011-1192", "CVE-2011-1197", "CVE-2011-1286", "CVE-2011-1204", "CVE-2011-1194", "CVE-2011-1199", "CVE-2011-1195", "CVE-2011-1191", "CVE-2011-1201", "CVE-2011-1203", "CVE-2011-1190", "CVE-2011-1196", "CVE-2011-1285", "CVE-2011-1185", "CVE-2011-1198", "CVE-2011-1189", "CVE-2011-1187", "CVE-2011-1193", "CVE-2011-1188", "CVE-2011-1200"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310801762", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801762", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Denial of Service Vulnerabilities - March 11(Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801762\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-03-16 15:16:52 +0100 (Wed, 16 Mar 2011)\");\n script_cve_id(\"CVE-2011-1185\", \"CVE-2011-1186\", \"CVE-2011-1187\", \"CVE-2011-1188\",\n \"CVE-2011-1189\", \"CVE-2011-1190\", \"CVE-2011-1191\", \"CVE-2011-1192\",\n \"CVE-2011-1193\", \"CVE-2011-1194\", \"CVE-2011-1195\", \"CVE-2011-1196\",\n \"CVE-2011-1197\", \"CVE-2011-1198\", \"CVE-2011-1199\", \"CVE-2011-1200\",\n \"CVE-2011-1201\", \"CVE-2011-1202\", \"CVE-2011-1203\", \"CVE-2011-1204\",\n \"CVE-2011-1285\", \"CVE-2011-1286\", \"CVE-2011-1413\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome Multiple Vulnerabilities - March 11(Linux)\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html\");\n\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause denial-of-service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 10.0.648.127 on Linux.\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - Not preventing 'navigation' and 'close' operations on the top location of a\n sandboxed frame.\n\n - Error in handling parallel execution of calls to the 'print' method.\n\n - Cross-origin error message leak.\n\n - Error in performing 'box layout'.\n\n - Memory corruption error in 'counter nodes'.\n\n - Error in 'Web Workers' implementation allows which remote attackers to\n bypass the Same Origin Policy via unspecified vectors, related to an error\n message leak.\n\n - Use-after-free vulnerability in 'DOM URL' handling.\n\n - Out of bounds read handling unicode ranges.\n\n - Error in 'Google V8', allows remote attackers to bypass the Same Origin\n Policy via unspecified vectors.\n\n - Use-after-free vulnerability in document script lifetime handling.\n\n - Error in performing 'table painting'.\n\n - Error in 'OGG' container implementation.\n\n - Use of corrupt out-of-bounds structure in video code.\n\n - Error in handling DataView objects.\n\n - Bad cast in text rendering.\n\n - Error in context implementation in WebKit.\n\n - Unspecified vulnerability in the 'XSLT' implementation.\n\n - Not properly handling 'SVG' cursors.\n\n - 'DOM' tree corruption with attribute handling.\n\n - Corruption via re-entrancy of RegExp code.\n\n - Not properly mitigate an unspecified flaw in an X server.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 10.0.648.127 or later.\");\n script_tag(name:\"summary\", value:\"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"10.0.648.127\")){\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"10.0.648.127\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:59:51", "description": "It was discovered that Libav incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-1196)\n\nIt was discovered that Libav incorrectly handled certain malformed AMV files. If a user were tricked into opening a crafted AMV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-1931)\n\nEmmanouel Kellinis discovered that Libav incorrectly handled certain malformed CAVS files. If a user were tricked into opening a crafted CAVS file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3362).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-09-20T00:00:00", "type": "nessus", "title": "Ubuntu 11.04 : libav vulnerabilities (USN-1209-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1196", "CVE-2011-1931", "CVE-2011-3362"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libavcodec52", "p-cpe:/a:canonical:ubuntu_linux:libavformat52", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1209-2.NASL", "href": "https://www.tenable.com/plugins/nessus/56237", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1209-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56237);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1196\", \"CVE-2011-1931\", \"CVE-2011-3362\");\n script_bugtraq_id(47602, 49115);\n script_xref(name:\"USN\", value:\"1209-2\");\n\n script_name(english:\"Ubuntu 11.04 : libav vulnerabilities (USN-1209-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Libav incorrectly handled certain malformed ogg\nfiles. If a user were tricked into opening a crafted ogg file, an\nattacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2011-1196)\n\nIt was discovered that Libav incorrectly handled certain malformed AMV\nfiles. If a user were tricked into opening a crafted AMV file, an\nattacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2011-1931)\n\nEmmanouel Kellinis discovered that Libav incorrectly handled certain\nmalformed CAVS files. If a user were tricked into opening a crafted\nCAVS file, an attacker could cause a denial of service via application\ncrash, or possibly execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2011-3362).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1209-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libavcodec52 and / or libavformat52 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat52\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libavcodec52\", pkgver:\"4:0.6.2-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libavformat52\", pkgver:\"4:0.6.2-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libavcodec52 / libavformat52\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:48", "description": "It was discovered that FFmpeg incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 10.10.\n(CVE-2011-1196)\n\nIt was discovered that FFmpeg incorrectly handled certain malformed AMV files. If a user were tricked into opening a crafted AMV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 10.10.\n(CVE-2011-1931)\n\nIt was discovered that FFmpeg incorrectly handled certain malformed APE files. If a user were tricked into opening a crafted APE file, an attacker could cause a denial of service via application crash.\n(CVE-2011-2161)\n\nEmmanouel Kellinis discovered that FFmpeg incorrectly handled certain malformed CAVS files. If a user were tricked into opening a crafted CAVS file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3362).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-09-20T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 : ffmpeg vulnerabilities (USN-1209-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1196", "CVE-2011-1931", "CVE-2011-2161", "CVE-2011-3362"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libavcodec52", "p-cpe:/a:canonical:ubuntu_linux:libavformat52", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1209-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56236", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1209-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56236);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1196\", \"CVE-2011-1931\", \"CVE-2011-2161\", \"CVE-2011-3362\");\n script_bugtraq_id(47602, 49115);\n script_xref(name:\"USN\", value:\"1209-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 : ffmpeg vulnerabilities (USN-1209-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that FFmpeg incorrectly handled certain malformed\nogg files. If a user were tricked into opening a crafted ogg file, an\nattacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program. This issue only affected Ubuntu 10.10.\n(CVE-2011-1196)\n\nIt was discovered that FFmpeg incorrectly handled certain malformed\nAMV files. If a user were tricked into opening a crafted AMV file, an\nattacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program. This issue only affected Ubuntu 10.10.\n(CVE-2011-1931)\n\nIt was discovered that FFmpeg incorrectly handled certain malformed\nAPE files. If a user were tricked into opening a crafted APE file, an\nattacker could cause a denial of service via application crash.\n(CVE-2011-2161)\n\nEmmanouel Kellinis discovered that FFmpeg incorrectly handled certain\nmalformed CAVS files. If a user were tricked into opening a crafted\nCAVS file, an attacker could cause a denial of service via application\ncrash, or possibly execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2011-3362).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1209-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libavcodec52 and / or libavformat52 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat52\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavcodec52\", pkgver:\"4:0.5.1-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavformat52\", pkgver:\"4:0.5.1-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libavcodec52\", pkgver:\"4:0.6-2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libavformat52\", pkgver:\"4:0.6-2ubuntu6.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libavcodec52 / libavformat52\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:15:21", "description": "The version of Google Chrome installed on the remote host is earlier than 10.0.648.127. Such versions are reportedly affected by multiple vulnerabilities :\n\n - It may be possible to navigate or close the top location in a sandboxed frame. (Issue #42574, #42765)\n\n - A cross-origin error message leak exists. (Issue #69187)\n\n - A memory corruption issue exists with counter nodes.\n (Issue #69628)\n\n - An unspecified issue exists with stale nodes in box layout. (Issue #70027)\n\n - A cross-origin error message leak exists with workers.\n (Issue #70336)\n\n - A use-after-free error exists with DOM URL handling.\n (Issue #70442)\n\n - A same origin policy bypass exists in v8. (Issue #70877)\n\n - It may be possible to bypass the pop-up blocker.\n (Issue #70885, #71167)\n\n - A use-after-free error exists in document script lifetime handling. (Issue #71763)\n\n - An out-of-bounds write issue exists in the OGG container. (Issue #71788)\n\n - A stale pointer exists in table painting. (Issue #72028)\n\n - A corrupt out-of-bounds structure may be used in video code. (Issue #73026)\n\n - It may be possible to crash the application with the DataView object. (Issue #73066)\n\n - A bad cast exists in text rendering. (Issue #73134)\n\n - A stale pointer exists in the WebKit context code.\n (Issue #73196)\n\n - It may be possible for heap addresses to leak in XSLT.\n (Issue #73716)\n\n - A stale pointer exists with SVG cursors. (Issue #73746)\n\n - It is possible for the DOM tree to be corrupted with attribute handling. (Issue #74030)\n\n - An unspecified corruption exists via re-entrancy of RegExp code. (Issue #74662)\n\n - An invalid memory access exists in v8. (Issue #74675)", "cvss3": {"score": null, "vector": null}, "published": "2011-03-09T00:00:00", "type": "nessus", "title": "Google Chrome < 10.0.648.127 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1185", "CVE-2011-1187", "CVE-2011-1188", "CVE-2011-1189", "CVE-2011-1190", "CVE-2011-1191", "CVE-2011-1193", "CVE-2011-1194", "CVE-2011-1195", "CVE-2011-1196", "CVE-2011-1197", "CVE-2011-1198", "CVE-2011-1199", "CVE-2011-1200", "CVE-2011-1201", "CVE-2011-1202", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1285", "CVE-2011-1286"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_10_0_648_127.NASL", "href": "https://www.tenable.com/plugins/nessus/52589", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52589);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-1185\",\n \"CVE-2011-1187\",\n \"CVE-2011-1188\",\n \"CVE-2011-1189\",\n \"CVE-2011-1190\",\n \"CVE-2011-1191\",\n \"CVE-2011-1193\",\n \"CVE-2011-1194\",\n \"CVE-2011-1195\",\n \"CVE-2011-1196\",\n \"CVE-2011-1197\",\n \"CVE-2011-1198\",\n \"CVE-2011-1199\",\n \"CVE-2011-1200\",\n \"CVE-2011-1201\",\n \"CVE-2011-1202\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1285\",\n \"CVE-2011-1286\"\n );\n script_bugtraq_id(46785, 47668, 50062);\n script_xref(name:\"SECUNIA\", value:\"43683\");\n\n script_name(english:\"Google Chrome < 10.0.648.127 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is earlier\nthan 10.0.648.127. Such versions are reportedly affected by multiple\nvulnerabilities :\n\n - It may be possible to navigate or close the top location\n in a sandboxed frame. (Issue #42574, #42765)\n\n - A cross-origin error message leak exists. (Issue #69187)\n\n - A memory corruption issue exists with counter nodes.\n (Issue #69628)\n\n - An unspecified issue exists with stale nodes in box\n layout. (Issue #70027)\n\n - A cross-origin error message leak exists with workers.\n (Issue #70336)\n\n - A use-after-free error exists with DOM URL handling.\n (Issue #70442)\n\n - A same origin policy bypass exists in v8. (Issue #70877)\n\n - It may be possible to bypass the pop-up blocker.\n (Issue #70885, #71167)\n\n - A use-after-free error exists in document script\n lifetime handling. (Issue #71763)\n\n - An out-of-bounds write issue exists in the OGG\n container. (Issue #71788)\n\n - A stale pointer exists in table painting. (Issue #72028)\n\n - A corrupt out-of-bounds structure may be used in video\n code. (Issue #73026)\n\n - It may be possible to crash the application with the\n DataView object. (Issue #73066)\n\n - A bad cast exists in text rendering. (Issue #73134)\n\n - A stale pointer exists in the WebKit context code.\n (Issue #73196)\n\n - It may be possible for heap addresses to leak in XSLT.\n (Issue #73716)\n\n - A stale pointer exists with SVG cursors. (Issue #73746)\n\n - It is possible for the DOM tree to be corrupted with\n attribute handling. (Issue #74030)\n\n - An unspecified corruption exists via re-entrancy of\n RegExp code. (Issue #74662)\n\n - An invalid memory access exists in v8. (Issue #74675)\");\n # https://chromereleases.googleblog.com/2011/03/chrome-stable-release.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b08665a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 10.0.648.127 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'10.0.648.127', severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:01:31", "description": "Versions of Google Chrome earlier than 10.0.648.127 are potentially affected by multiple vulnerabilities :\n\n - It may be possible to navigate or close the top location in a sandboxed frame. (42574, 42765)\n\n - An X server bug exists which could cause the application to crash with long messages. Note that this issue only affects Google Chrome on Linux. (49747)\n\n - It is possible to crash the browser with parallel prints. Note that this issue only affects Google Chrome on Linux. (66962)\n\n - A cross-origin error message leak exists (69187)\n\n - A memory corruption issue exists with counter nodes. (69628)\n\n - An unspecified issue exists with stale nodes in box layout. (70027)\n\n - A cross-origin error message leak exists with workers. (70336)\n\n - A use-after-free error exists with DOM URL handling. (70442)\n\n - An out-of-bounds read exists when handling unicode ranges. (70779)\n\n - A same origin policy bypass exists in V8. (70877)\n\n - It may be possible to bypass the pop-up blocker. (70885, 71167)\n\n - A use-after-free error exists in document script lifetime handling. (71763)\n\n - An out-of-bounds write issue exists in the OGG container. (71788)\n\n - A stale pointer exists in table painting. (72028)\n\n - A corrupt out-of-bounds structure may be used in video code. (73026)\n\n - It may be possible to crash the application with the DataView object. (73066)\n\n - A bad cast exists in text rendering. (73134)\n\n - A stale pointer exists in the WebKit context code. (73196)\n\n - It may be possible for heap addresses to leak in XSLT. (73716)\n\n - A stale pointer exists with SVG cursors. (73746)\n\n - It is possible for the DOM tree to be corrupted with attribute handling. (74030)\n\n - An unspecified corruption exists via re-entrancy of RegExp code. (74662)\n\n - An invalid memory access exists in v8. (74675)", "cvss3": {"score": null, "vector": null}, "published": "2011-03-09T00:00:00", "type": "nessus", "title": "Google Chrome < 10.0.648.127 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1202", "CVE-2011-1196", "CVE-2011-1187", "CVE-2011-1189", "CVE-2011-1188", "CVE-2011-1190", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1185", "CVE-2011-1186", "CVE-2011-1191", "CVE-2011-1192", "CVE-2011-1193", "CVE-2011-1194", "CVE-2011-1195", "CVE-2011-1197", "CVE-2011-1198", "CVE-2011-1199", "CVE-2011-1200", "CVE-2011-1201", "CVE-2011-1285", "CVE-2011-1286", "CVE-2011-1413"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "id": "5812.PASL", "href": "https://www.tenable.com/plugins/nnm/5812", "sourceData": "Binary data 5812.pasl", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:31", "description": "\n\nVersions of Google Chrome earlier than 10.0.648.127 are potentially affected by multiple vulnerabilities :\n\n - It may be possible to navigate or close the top location in a sandboxed frame. (42574, 42765)\n\n - An X server bug exists which could cause the application to crash with long messages. Note that this issue only affects Google Chrome on Linux. (49747)\n\n - It is possible to crash the browser with parallel prints. Note that this issue only affects Google Chrome on Linux. (66962)\n\n - A cross-origin error message leak exists (69187)\n\n - A memory corruption issue exists with counter nodes. (69628)\n\n - An unspecified issue exists with stale nodes in box layout. (70027)\n\n - A cross-origin error message leak exists with workers. (70336)\n\n - A use-after-free error exists with DOM URL handling. (70442)\n\n - An out-of-bounds read exists when handling unicode ranges. (70779)\n\n - A same origin policy bypass exists in V8. (70877)\n\n - It may be possible to bypass the pop-up blocker. (70885, 71167)\n\n - A use-after-free error exists in document script lifetime handling. (71763)\n\n - An out-of-bounds write issue exists in the OGG container. (71788)\n\n - A stale pointer exists in table painting. (72028)\n\n - A corrupt out-of-bounds structure may be used in video code. (73026)\n\n - It may be possible to crash the application with the DataView object. (73066)\n\n - A bad cast exists in text rendering. (73134)\n\n - A stale pointer exists in the WebKit context code. (73196)\n\n - It may be possible for heap addresses to leak in XSLT. (73716)\n\n - A stale pointer exists with SVG cursors. (73746)\n\n - It is possible for the DOM tree to be corrupted with attribute handling. (74030)\n\n - An unspecified corruption exists via re-entrancy of RegExp code. (74662)\n\n - An invalid memory access exists in v8. (74675)", "cvss3": {"score": null, "vector": null}, "published": "2011-03-09T00:00:00", "type": "nessus", "title": "Google Chrome < 10.0.648.127 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1202", "CVE-2011-1196", "CVE-2011-1187", "CVE-2011-1189", "CVE-2011-1188", "CVE-2011-1190", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1185", "CVE-2011-1186", "CVE-2011-1191", "CVE-2011-1192", "CVE-2011-1193", "CVE-2011-1194", "CVE-2011-1195", "CVE-2011-1197", "CVE-2011-1198", "CVE-2011-1199", "CVE-2011-1200", "CVE-2011-1201", "CVE-2011-1285", "CVE-2011-1286", "CVE-2011-1413"], "modified": "2011-03-09T00:00:00", "cpe": [], "id": "800960.PRM", "href": "https://www.tenable.com/plugins/lce/800960", "sourceData": "Binary data 800960.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}