Google Chrome Mozilla Network Security Services Privilege Escalation Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Google Chrome and is prone to privilege escalation vulnerability

Impact

Successful exploitation will let the local attacker to execute arbitrary code with an elevated privileges. Impact Level: System/Application

Solution

Upgrade to the Google Chrome 17 or later, For updates refer to http://www.google.com/chrome

Insight

The flaw is due to an error in the Mozilla Network Security Services (NSS) library, which can be exploited by sending Trojan horse pkcs11.txt file in a top-level directory.

Affected

Google Chrome version 16.0.912.21 and prior on Windows

References

http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
http://code.google.com/p/chromium/issues/detail?id=97426
https://bugzilla.mozilla.org/show_bug.cgi?id=641052

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3640

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)
Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)

Take action and discover your vulnerabilities