Summary
The host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to cause a denial of service.
Impact Level: Application
Solution
Upgrade to Google Chrome 17.0.963.56 or later. For updates, refer to http://www.google.com/chrome
Insight
The flaws are due to:
- An integer overflow in libpng, PDF codecs.
- Bad cast in column handling.
- Out-of-bounds read in H.264 parsing.
- Use-after-free with drag and drop.
- Use-after-free in subframe loading.
- An error within Native Client validator implementation.
- Heap buffer overflow while handling MKV file.
- Use-after-free error while handling database.
- Heap overflow in path rendering.
Affected
Google Chrome versions prior to 17.0.963.56 on Windows
References
Severity
Classification
CVE: CVE-2011-3015, CVE-2011-3016, CVE-2011-3017, CVE-2011-3018, CVE-2011-3019, CVE-2011-3020, CVE-2011-3021, CVE-2011-3023, CVE-2011-3024, CVE-2011-3025, CVE-2011-3026, CVE-2011-3027
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
- Adobe Air Multiple Vulnerabilities - October 12 (Windows)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows