Summary
The host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code, cause a denial of service, and disclose potentially sensitive information, other attacks may also be possible.
Impact Level: System/Application
Solution
Upgrade to the Google Chrome 15.0.874.120 or later, For updates refer to http://www.google.com/chrome
Insight
Multiple vulnerabilities are due to,
- A double free error in the Theora decoder exists when handling a crafted stream.
- An error in implementing the MKV and Vorbis media handlers.
- A memory corruption regression error in VP8 decoding when handling a crafted stream.
- Heap overflow in the Vorbis decoder when handling a crafted stream.
- Buffer overflow error in the shader variable mapping.
- A use-after-free error exists related to editing.
- Fails to ask permission to run applets in Java Runtime Environment (JRE) 7.
Affected
Google Chrome version prior to 15.0.874.120 on Windows
References
Severity
Classification
-
CVE CVE-2011-3892, CVE-2011-3893, CVE-2011-3894, CVE-2011-3895, CVE-2011-3896, CVE-2011-3897, CVE-2011-3898 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)