Vulnerabilities > CVE-2012-2857 - Resource Management Errors vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

Vulnerable Configurations

Part Description Count
OS
Apple
109
OS
Microsoft
1
OS
Linux
1
Application
Google
2377

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201208-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201208-03 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, disclosure of sensitive information, or other unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id61542
    published2012-08-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61542
    titleGLSA-201208-03 : Chromium: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201208-03.
    #
    # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61542);
      script_version("1.10");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2012-2815", "CVE-2012-2817", "CVE-2012-2818", "CVE-2012-2819", "CVE-2012-2820", "CVE-2012-2821", "CVE-2012-2823", "CVE-2012-2824", "CVE-2012-2825", "CVE-2012-2826", "CVE-2012-2829", "CVE-2012-2830", "CVE-2012-2831", "CVE-2012-2834", "CVE-2012-2842", "CVE-2012-2843", "CVE-2012-2846", "CVE-2012-2847", "CVE-2012-2848", "CVE-2012-2849", "CVE-2012-2853", "CVE-2012-2854", "CVE-2012-2857", "CVE-2012-2858", "CVE-2012-2859", "CVE-2012-2860");
      script_bugtraq_id(54203, 54386, 54749);
      script_xref(name:"GLSA", value:"201208-03");
    
      script_name(english:"GLSA-201208-03 : Chromium: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201208-03
    (Chromium: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Chromium. Please review
          the CVE identifiers and release notes referenced below for details.
      
    Impact :
    
        A remote attacker could entice a user to open a specially crafted web
          site using Chromium, possibly resulting in the execution of arbitrary
          code with the privileges of the process, a Denial of Service condition,
          disclosure of sensitive information, or other unspecified impact.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      # https://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a188005b"
      );
      # https://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5d5db751"
      );
      # https://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e90fa04b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201208-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Chromium users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=www-client/chromium-21.0.1180.57'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 21.0.1180.57"), vulnerable:make_list("lt 21.0.1180.57"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium");
    }
    
  • NASL familyWindows
    NASL idGOOGLE_CHROME_21_0_1180_60.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 21.0.1180.60 and is, therefore, affected by the following vulnerabilities : - Re-prompts are not displayed for excessive downloads. (CVE-2012-2847) - Drag and drop file access restrictions are not restrictive enough. (CVE-2012-2848) - An off-by-one read error exists related to GIF decoding. (CVE-2012-2849) - Various, unspecified errors exist related to PDF processing. (CVE-2012-2850) - Various, unspecified integer overflows exist related to PDF processing. (CVE-2012-2851) - A use-after-free error exists related to object linkage and PDF processing. (CVE-2012-2852) - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id61381
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61381
    titleGoogle Chrome < 21.0.1180.60 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61381);
      script_version("1.10");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-2847",
        "CVE-2012-2848",
        "CVE-2012-2849",
        "CVE-2012-2850",
        "CVE-2012-2851",
        "CVE-2012-2852",
        "CVE-2012-2853",
        "CVE-2012-2854",
        "CVE-2012-2855",
        "CVE-2012-2856",
        "CVE-2012-2857",
        "CVE-2012-2858",
        "CVE-2012-2860"
      );
      script_bugtraq_id(54749);
    
      script_name(english:"Google Chrome < 21.0.1180.60 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Google Chrome");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote host is earlier
    than 21.0.1180.60 and is, therefore, affected by the following
    vulnerabilities :
    
      - Re-prompts are not displayed for excessive
        downloads. (CVE-2012-2847)
    
      - Drag and drop file access restrictions are not
        restrictive enough. (CVE-2012-2848)
    
      - An off-by-one read error exists related to GIF
        decoding. (CVE-2012-2849)
    
      - Various, unspecified errors exist related to PDF
        processing. (CVE-2012-2850)
    
      - Various, unspecified integer overflows exist related
        to PDF processing. (CVE-2012-2851)
    
      - A use-after-free error exists related to object linkage
        and PDF processing. (CVE-2012-2852)
    
      - An error exists related to 'webRequest' and 'Chrome Web
        Store' interference. (CVE-2012-2853)
    
      - Pointer values can be leaked to 'WebUI' renderers.
        (CVE-2012-2854)
    
      - An unspecified use-after-free error exists related to
        PDF processing. (CVE-2012-2855)
    
      - Unspecified out-of-bounds reads exist related to the
        PDF viewer. (CVE-2012-2856)
    
      - A use-after-free error exists related to CSS DOM
        processing. (CVE-2012-2857)
    
      - A buffer overflow exists related to 'WebP' decoding.
        (CVE-2012-2858)
    
      - An out-of-bounds access error exists related to the
        date picker. (CVE-2012-2860)");
      # https://chromereleases.googleblog.com/2012/07/stable-channel-release.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f12f62f1");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Google Chrome 21.0.1180.60 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2856");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    
    include("google_chrome_version.inc");
    
    get_kb_item_or_exit("SMB/Google_Chrome/Installed");
    
    installs = get_kb_list("SMB/Google_Chrome/*");
    google_chrome_check_version(installs:installs, fix:'21.0.1180.60', severity:SECURITY_HOLE);
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CE84E136E2F611E1A8CA00262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : [Linux only] [125225] Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team (Julien Tinnes). [127522] Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security. [127525] Medium CVE-2012-2848: Overly broad file access granted after drag+drop. Credit to Matt Austin of Aspect Security. [128163] Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit to Atte Kettunen of OUSPG. [130251] [130592] [130611] [131068] [131237] [131252] [131621] [131690] [132860] Medium CVE-2012-2850: Various lower severity issues in the PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team. [132585] [132694] [132861] High CVE-2012-2851: Integer overflows in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team. [134028] High CVE-2012-2852: Use-after-free with bad object linkage in PDF. Credit to Alexey Samsonov of Google. [134101] Medium CVE-2012-2853: webRequest can interfere with the Chrome Web Store. Credit to Trev of Adblock. [134519] Low CVE-2012-2854: Leak of pointer values to WebUI renderers. Credit to Nasko Oskov of the Chromium development community. [134888] High CVE-2012-2855: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team. [134954] [135264] High CVE-2012-2856: Out-of-bounds writes in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team. [136235] High CVE-2012-2857: Use-after-free in CSS DOM. Credit to Arthur Gerkis. [136894] High CVE-2012-2858: Buffer overflow in WebP decoder. Credit to Juri Aedla. [Linux only] [137541] Critical CVE-2012-2859: Crash in tab handling. Credit to Jeff Roberts of Google Security Team. [137671] Medium CVE-2012-2860: Out-of-bounds access when clicking in date picker. Credit to Chamal de Silva.
    last seen2020-06-01
    modified2020-06-02
    plugin id61505
    published2012-08-13
    reporterThis script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61505
    titleFreeBSD : chromium -- multiple vulnerabilities (ce84e136-e2f6-11e1-a8ca-00262d5ed8ee)
  • NASL familyWindows
    NASL idITUNES_11_0_3.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is older than 11.0.3. It therefore is potentially affected by several issues : - An error exists related to certificate validation that could allow disclosure of sensitive information and could allow the application to trust data from untrusted sources. (CVE-2013-1014) - The included version of WebKit contains several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes one possible attack vector is a man-in-the-middle attack while the application browses the
    last seen2020-06-01
    modified2020-06-02
    plugin id66498
    published2013-05-17
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66498
    titleApple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI6_0_3.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X 10.7 or 10.8 host is earlier than 6.0.3. It is, therefore, potentially affected by several issues : - Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution. (CVE-2012-2824 / CVE-2012-2857 / CVE-2013-0948 / CVE-2013-0949 / CVE-2013-0950 / CVE-2013-0951 / CVE-2013-0952 / CVE-2013-0953 / CVE-2013-0954 / CVE-2013-0955 / CVE-2013-0956 / CVE-2013-0958 / CVE-2013-0959 / CVE-2013-0960 / CVE-2013-0961) - A cross-site scripting issue exists in WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id65579
    published2013-03-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65579
    titleMac OS X : Apple Safari < 6.0.3 Multiple Vulnerabilities
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_11_0_3_BANNER.NASL
    descriptionThe version of Apple iTunes on the remote host is prior to version 11.0.3. It is, therefore, affected by multiple vulnerabilities : - An error exists related to certificate validation. A man-in-the-middle attacker can exploit this to spoof HTTPS servers, which allows the disclosure of sensitive information or the application to trust data from untrusted sources. Note that this issue affects the application regardless of the operating system. (CVE-2013-1014) - The version of WebKit included in iTunes contains several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in-the-middle attack while the application browses the
    last seen2020-06-01
    modified2020-06-02
    plugin id66499
    published2013-05-17
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66499
    titleApple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)

Oval

accepted2013-08-12T04:07:26.764-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionUse-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
familywindows
idoval:org.mitre.oval:def:15336
statusaccepted
submitted2012-08-07T08:15:36.262-04:00
titleUse-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame
version44