Vulnerabilities > CVE-2013-0912 - Code Injection vulnerability in Google Chrome
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leverage Executable Code in Non-Executable Files An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
- Manipulating User-Controlled Variables This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Nessus
NASL family Windows NASL id GOOGLE_CHROME_25_0_1364_160.NASL description The version of Google Chrome installed on the remote host is a version prior to 25.0.1364.160. It includes a vulnerable WebKit version that is affected by a type confusion issue that could allow remote code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 65097 published 2013-03-08 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65097 title Google Chrome < 25.0.1364.160 WebKit Type Confusion Code Execution code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(65097); script_version("1.9"); script_cvs_date("Date: 2019/11/27"); script_cve_id("CVE-2013-0912"); script_bugtraq_id(58388); script_name(english:"Google Chrome < 25.0.1364.160 WebKit Type Confusion Code Execution"); script_summary(english:"Checks version number of Google Chrome"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by a code execution vulnerability."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote host is a version prior to 25.0.1364.160. It includes a vulnerable WebKit version that is affected by a type confusion issue that could allow remote code execution."); # https://chromereleases.googleblog.com/2013/03/stable-channel-update_7.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ff430046"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome 25.0.1364.160 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0912"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/07"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_chrome_installed.nasl"); script_require_keys("SMB/Google_Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("SMB/Google_Chrome/Installed"); installs = get_kb_list("SMB/Google_Chrome/*"); google_chrome_check_version(installs:installs, fix:'25.0.1364.160', severity:SECURITY_HOLE);
NASL family Windows NASL id ITUNES_11_0_3.NASL description The version of Apple iTunes installed on the remote Windows host is older than 11.0.3. It therefore is potentially affected by several issues : - An error exists related to certificate validation that could allow disclosure of sensitive information and could allow the application to trust data from untrusted sources. (CVE-2013-1014) - The included version of WebKit contains several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes one possible attack vector is a man-in-the-middle attack while the application browses the last seen 2020-06-01 modified 2020-06-02 plugin id 66498 published 2013-05-17 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66498 title Apple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(66498); script_version("1.14"); script_cvs_date("Date: 2019/11/27"); script_cve_id( "CVE-2012-2824", "CVE-2012-2857", "CVE-2012-3748", "CVE-2012-5112", "CVE-2013-0879", "CVE-2013-0912", "CVE-2013-0948", "CVE-2013-0949", "CVE-2013-0950", "CVE-2013-0951", "CVE-2013-0952", "CVE-2013-0953", "CVE-2013-0954", "CVE-2013-0955", "CVE-2013-0956", "CVE-2013-0958", "CVE-2013-0959", "CVE-2013-0960", "CVE-2013-0961", "CVE-2013-0991", "CVE-2013-0992", "CVE-2013-0993", "CVE-2013-0994", "CVE-2013-0995", "CVE-2013-0996", "CVE-2013-0997", "CVE-2013-0998", "CVE-2013-0999", "CVE-2013-1000", "CVE-2013-1001", "CVE-2013-1002", "CVE-2013-1003", "CVE-2013-1004", "CVE-2013-1005", "CVE-2013-1006", "CVE-2013-1007", "CVE-2013-1008", "CVE-2013-1010", "CVE-2013-1011", "CVE-2013-1014" ); script_bugtraq_id( 54203, 54749, 55867, 56362, 57576, 57580, 57581, 57582, 57584, 57585, 57586, 57587, 57588, 57589, 57590, 58388, 58495, 58496, 59941, 59944, 59953, 59954, 59955, 59956, 59957, 59958, 59959, 59960, 59963, 59964, 59965, 59967, 59970, 59971, 59972, 59973, 59974, 59976, 59977 ); script_xref(name:"EDB-ID", value:"28081"); script_name(english:"Apple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)"); script_summary(english:"Checks version of iTunes on Windows"); script_set_attribute(attribute:"synopsis", value: "The remote host contains an application that has multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Apple iTunes installed on the remote Windows host is older than 11.0.3. It therefore is potentially affected by several issues : - An error exists related to certificate validation that could allow disclosure of sensitive information and could allow the application to trust data from untrusted sources. (CVE-2013-1014) - The included version of WebKit contains several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes one possible attack vector is a man-in-the-middle attack while the application browses the 'iTunes Store'. (CVE-2012-2824, CVE-2012-2857, CVE-2012-3748, CVE-2012-5112, CVE-2013-0879, CVE-2013-0912, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0960, CVE-2013-0961, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010, CVE-2013-1011)"); script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-107/"); script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-108/"); script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-109/"); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5766"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/May/msg00000.html"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/526623/30/0/threaded"); script_set_attribute(attribute:"solution", value: "Upgrade to Apple iTunes 11.0.3 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5112"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("itunes_detect.nasl"); script_require_keys("SMB/iTunes/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/iTunes/Version"); fixed_version = "11.0.3.42"; path = get_kb_item_or_exit("SMB/iTunes/Path"); if (ver_compare(ver:version, fix:fixed_version) == -1) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : '+path+ '\n Installed version : '+version+ '\n Fixed version : '+fixed_version+'\n'; security_hole(port:port, extra:report); } else security_hole(port); } else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI6_0_4.NASL description The version of Apple Safari installed on the remote Mac OS X 10.7 or 10.8 host is earlier than 6.0.4. It is, therefore, affected by an arbitrary code execution vulnerability in WebKit related to handling SVG files that can be exploited by tricking a victim into visiting a specially crafted web page. last seen 2020-06-01 modified 2020-06-02 plugin id 66000 published 2013-04-17 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66000 title Mac OS X : Apple Safari < 6.0.4 SVG File Handling Arbitrary Code Execution code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(66000); script_version("1.6"); script_cvs_date("Date: 2019/11/27"); script_cve_id("CVE-2013-0912"); script_bugtraq_id(58388); script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-04-16-1"); script_name(english:"Mac OS X : Apple Safari < 6.0.4 SVG File Handling Arbitrary Code Execution"); script_summary(english:"Check the Safari SourceVersion"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by a remote code execution vulnerability."); script_set_attribute(attribute:"description", value: "The version of Apple Safari installed on the remote Mac OS X 10.7 or 10.8 host is earlier than 6.0.4. It is, therefore, affected by an arbitrary code execution vulnerability in WebKit related to handling SVG files that can be exploited by tricking a victim into visiting a specially crafted web page."); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5701"); script_set_attribute(attribute:"solution", value: "Upgrade to Apple Safari 6.0.4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0912"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/07"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_Safari31.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); os = get_kb_item("Host/MacOSX/Version"); if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); if (!ereg(pattern:"Mac OS X 10\.[78]([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.7 / 10.8"); get_kb_item_or_exit("MacOSX/Safari/Installed"); path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1); version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1); fixed_version = "6.0.4"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:0, extra:report); } else security_hole(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Safari", version, path);
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-16.NASL description The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70112 published 2013-09-25 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70112 title GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201309-16. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(70112); script_version("1.26"); script_cvs_date("Date: 2018/07/12 15:01:52"); script_cve_id("CVE-2012-5116", "CVE-2012-5117", "CVE-2012-5118", "CVE-2012-5120", "CVE-2012-5121", "CVE-2012-5122", "CVE-2012-5123", "CVE-2012-5124", "CVE-2012-5125", "CVE-2012-5126", "CVE-2012-5127", "CVE-2012-5128", "CVE-2012-5130", "CVE-2012-5132", "CVE-2012-5133", "CVE-2012-5135", "CVE-2012-5136", "CVE-2012-5137", "CVE-2012-5138", "CVE-2012-5139", "CVE-2012-5140", "CVE-2012-5141", "CVE-2012-5142", "CVE-2012-5143", "CVE-2012-5144", "CVE-2012-5145", "CVE-2012-5146", "CVE-2012-5147", "CVE-2012-5148", "CVE-2012-5149", "CVE-2012-5150", "CVE-2012-5151", "CVE-2012-5152", "CVE-2012-5153", "CVE-2012-5154", "CVE-2013-0828", "CVE-2013-0829", "CVE-2013-0830", "CVE-2013-0831", "CVE-2013-0832", "CVE-2013-0833", "CVE-2013-0834", "CVE-2013-0835", "CVE-2013-0836", "CVE-2013-0837", "CVE-2013-0838", "CVE-2013-0839", "CVE-2013-0840", "CVE-2013-0841", "CVE-2013-0842", "CVE-2013-0879", "CVE-2013-0880", "CVE-2013-0881", "CVE-2013-0882", "CVE-2013-0883", "CVE-2013-0884", "CVE-2013-0885", "CVE-2013-0887", "CVE-2013-0888", "CVE-2013-0889", "CVE-2013-0890", "CVE-2013-0891", "CVE-2013-0892", "CVE-2013-0893", "CVE-2013-0894", "CVE-2013-0895", "CVE-2013-0896", "CVE-2013-0897", "CVE-2013-0898", "CVE-2013-0899", "CVE-2013-0900", "CVE-2013-0902", "CVE-2013-0903", "CVE-2013-0904", "CVE-2013-0905", "CVE-2013-0906", "CVE-2013-0907", "CVE-2013-0908", "CVE-2013-0909", "CVE-2013-0910", "CVE-2013-0911", "CVE-2013-0912", "CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0919", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926", "CVE-2013-2836", "CVE-2013-2837", "CVE-2013-2838", "CVE-2013-2839", "CVE-2013-2840", "CVE-2013-2841", "CVE-2013-2842", "CVE-2013-2843", "CVE-2013-2844", "CVE-2013-2845", "CVE-2013-2846", "CVE-2013-2847", "CVE-2013-2848", "CVE-2013-2849", "CVE-2013-2853", "CVE-2013-2855", "CVE-2013-2856", "CVE-2013-2857", "CVE-2013-2858", "CVE-2013-2859", "CVE-2013-2860", "CVE-2013-2861", "CVE-2013-2862", "CVE-2013-2863", "CVE-2013-2865", "CVE-2013-2867", "CVE-2013-2868", "CVE-2013-2869", "CVE-2013-2870", "CVE-2013-2871", "CVE-2013-2874", "CVE-2013-2875", "CVE-2013-2876", "CVE-2013-2877", "CVE-2013-2878", "CVE-2013-2879", "CVE-2013-2880", "CVE-2013-2881", "CVE-2013-2882", "CVE-2013-2883", "CVE-2013-2884", "CVE-2013-2885", "CVE-2013-2886", "CVE-2013-2887", "CVE-2013-2900", "CVE-2013-2901", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2905"); script_bugtraq_id(56413, 56684, 56741, 56903, 58318, 58388, 58723, 58724, 58725, 58727, 58728, 58729, 58730, 58731, 58732, 58733, 58734, 59326, 59327, 59328, 59330, 59331, 59332, 59334, 59336, 59337, 59338, 59339, 59340, 59342, 59343, 59344, 59345, 59346, 59347, 59349, 59351, 59413, 59414, 59415, 59416, 59417, 59418, 59419, 59420, 59422, 59423, 59425, 59427, 59428, 59429, 59430, 59431, 59433, 59435, 59436, 59437, 59438, 59515, 59516, 59518, 59520, 59521, 59522, 59523, 59524, 59680, 59681, 59682, 59683, 60062, 60063, 60064, 60065, 60066, 60067, 60068, 60069, 60070, 60071, 60072, 60073, 60074, 60076, 60395, 60396, 60397, 60398, 60399, 60400, 60401, 60403, 60404, 60405, 61046, 61047, 61049, 61050, 61051, 61052, 61054, 61055, 61057, 61059, 61060, 61061, 61547, 61548, 61549, 61550, 61551, 61552, 61885, 61886, 61887, 61888, 61889, 61890, 61891); script_xref(name:"GLSA", value:"201309-16"); script_name(english:"GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time." ); # https://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0b9b0b08" ); # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2f59319e" ); # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ee73f07e" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201309-16" ); script_set_attribute( attribute:"solution", value: "All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-29.0.1457.57' All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.18.5.14'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:v8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 29.0.1457.57"), vulnerable:make_list("lt 29.0.1457.57"))) flag++; if (qpkg_check(package:"dev-lang/v8", unaffected:make_list("ge 3.18.5.14"), vulnerable:make_list("lt 3.18.5.14"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / V8"); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_54BED67687CE11E2B52800262D5ED8EE.NASL description Google Chrome Releases reports : [180763] High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs. last seen 2020-06-01 modified 2020-06-02 plugin id 65170 published 2013-03-10 reporter This script is Copyright (C) 2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65170 title FreeBSD : chromium -- WebKit vulnerability (54bed676-87ce-11e2-b528-00262d5ed8ee) NASL family Peer-To-Peer File Sharing NASL id ITUNES_11_0_3_BANNER.NASL description The version of Apple iTunes on the remote host is prior to version 11.0.3. It is, therefore, affected by multiple vulnerabilities : - An error exists related to certificate validation. A man-in-the-middle attacker can exploit this to spoof HTTPS servers, which allows the disclosure of sensitive information or the application to trust data from untrusted sources. Note that this issue affects the application regardless of the operating system. (CVE-2013-1014) - The version of WebKit included in iTunes contains several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in-the-middle attack while the application browses the last seen 2020-06-01 modified 2020-06-02 plugin id 66499 published 2013-05-17 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66499 title Apple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)
Oval
accepted | 2013-08-12T04:08:21.700-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion." | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:16274 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2013-04-08T11:33:10.582-04:00 | ||||||||||||
title | WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion." | ||||||||||||
version | 43 |
References
- http://labs.mwrinfosecurity.com/blog/2013/03/06/pwn2own-at-cansecwest-2013/
- http://twitter.com/thezdi/statuses/309460019131346944
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html
- http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_7.html
- https://code.google.com/p/chromium/issues/detail?id=180763
- http://support.apple.com/kb/HT5704
- http://lists.apple.com/archives/security-announce/2013/Apr/msg00000.html
- http://support.apple.com/kb/HT5701
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16274
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157