Vulnerabilities > CVE-2013-2842 - Resource Management Errors vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apple
google
CWE-399
nessus
exploit available

Summary

Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

Vulnerable Configurations

Part Description Count
OS
Apple
112
Application
Google
2877

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionGoogle Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use After Free PoC. CVE-2013-2842. Dos exploit for OSX platform
idEDB-ID:40243
last seen2016-08-16
modified2013-04-04
published2013-04-04
reporterGoogle Security Research
titleGoogle Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use After Free PoC

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_358133B5C2B911E2A73800262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : [235638] High CVE-2013-2837: Use-after-free in SVG. Credit to Slawomir Blazek. [235311] Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler. [230176] High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity. [230117] High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity. [227350] High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva. [226696] High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux. [222000] High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani. [196393] High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul). [188092] [179522] [222136] [188092] High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG. [177620] High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva. [176692] High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne. [176137] Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov. [171392] Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich. [241595] High CVE-2013-2836: Various fixes from internal audits, fuzzing and other initiatives.
    last seen2020-06-01
    modified2020-06-02
    plugin id66549
    published2013-05-23
    reporterThis script is Copyright (C) 2013 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66549
    titleFreeBSD : chromium -- multiple vulnerabilities (358133b5-c2b9-11e2-a738-00262d5ed8ee)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2013 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66549);
      script_version("$Revision: 1.4 $");
      script_cvs_date("$Date: 2013/06/21 23:48:19 $");
    
      script_cve_id("CVE-2013-2836", "CVE-2013-2837", "CVE-2013-2838", "CVE-2013-2839", "CVE-2013-2840", "CVE-2013-2841", "CVE-2013-2842", "CVE-2013-2843", "CVE-2013-2844", "CVE-2013-2845", "CVE-2013-2846", "CVE-2013-2847", "CVE-2013-2848", "CVE-2013-2849");
    
      script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (358133b5-c2b9-11e2-a738-00262d5ed8ee)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Google Chrome Releases reports :
    
    [235638] High CVE-2013-2837: Use-after-free in SVG. Credit to Slawomir
    Blazek.
    
    [235311] Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to
    Christian Holler.
    
    [230176] High CVE-2013-2839: Bad cast in clipboard handling. Credit to
    Jon of MWR InfoSecurity.
    
    [230117] High CVE-2013-2840: Use-after-free in media loader. Credit to
    Nils of MWR InfoSecurity.
    
    [227350] High CVE-2013-2841: Use-after-free in Pepper resource
    handling. Credit to Chamal de Silva.
    
    [226696] High CVE-2013-2842: Use-after-free in widget handling. Credit
    to Cyril Cattiaux.
    
    [222000] High CVE-2013-2843: Use-after-free in speech handling. Credit
    to Khalil Zhani.
    
    [196393] High CVE-2013-2844: Use-after-free in style resolution.
    Credit to Sachin Shinde (@cons0ul).
    
    [188092] [179522] [222136] [188092] High CVE-2013-2845: Memory safety
    issues in Web Audio. Credit to Atte Kettunen of OUSPG.
    
    [177620] High CVE-2013-2846: Use-after-free in media loader. Credit to
    Chamal de Silva.
    
    [176692] High CVE-2013-2847: Use-after-free race condition with
    workers. Credit to Collin Payne.
    
    [176137] Medium CVE-2013-2848: Possible data extraction with XSS
    Auditor. Credit to Egor Homakov.
    
    [171392] Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
    Credit to Mario Heiderich.
    
    [241595] High CVE-2013-2836: Various fixes from internal audits,
    fuzzing and other initiatives."
      );
      # http://googlechromereleases.blogspot.nl/search/Stable%20Updates
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6bd43a3e"
      );
      # http://www.freebsd.org/ports/portaudit/358133b5-c2b9-11e2-a738-00262d5ed8ee.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?151e7dec"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013 Tenable Network Security, Inc.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"chromium<27.0.1453.93")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idGOOGLE_CHROME_27_0_1453_93.NASL
    descriptionThe version of Google Chrome installed on the remote host is a version prior to 27.0.1453.93 and is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist in SVG, media loader, Pepper resource handling, widget handling, speech handling, style resolution, media loader, and related to race condition with workers. (CVE-2013-2837, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2846, CVE-2013-2847) - An out-of-bounds read error exists in v8. (CVE-2013-2838) - A memory corruption vulnerability exists related to a bad casting in clipboard handling. (CVE-2013-2839) - A memory safety issue exists related to Web Audio. (CVE-2013-2845) - An information disclosure vulnerability exists related to XSS Auditor. (CVE-2013-2848) - A cross-site scripting vulnerability exists related to drag and drop or copy and paste. (CVE-2013-2849)
    last seen2020-06-01
    modified2020-06-02
    plugin id66556
    published2013-05-23
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66556
    titleGoogle Chrome < 27.0.1453.93 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66556);
      script_version("1.18");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-2836",
        "CVE-2013-2837",
        "CVE-2013-2838",
        "CVE-2013-2839",
        "CVE-2013-2840",
        "CVE-2013-2841",
        "CVE-2013-2842",
        "CVE-2013-2843",
        "CVE-2013-2844",
        "CVE-2013-2845",
        "CVE-2013-2846",
        "CVE-2013-2847",
        "CVE-2013-2848",
        "CVE-2013-2849"
      );
      script_bugtraq_id(
        60062,
        60063,
        60064,
        60065,
        60066,
        60067,
        60068,
        60069,
        60070,
        60071,
        60072,
        60073,
        60074,
        60076
      );
    
      script_name(english:"Google Chrome < 27.0.1453.93 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Google Chrome");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote host is a version
    prior to 27.0.1453.93 and is, therefore, affected by the following
    vulnerabilities :
    
      - Use-after-free errors exist in SVG, media loader,
        Pepper resource handling, widget handling, speech
        handling, style resolution, media loader, and related to
        race condition with workers.  (CVE-2013-2837,
        CVE-2013-2840, CVE-2013-2841, CVE-2013-2842,
        CVE-2013-2843, CVE-2013-2844, CVE-2013-2846,
        CVE-2013-2847)
    
      - An out-of-bounds read error exists in v8.
        (CVE-2013-2838)
    
      - A memory corruption vulnerability exists related to
        a bad casting in clipboard handling.  (CVE-2013-2839)
    
      - A memory safety issue exists related to Web Audio.
        (CVE-2013-2845)
    
      - An information disclosure vulnerability exists related
        to XSS Auditor.  (CVE-2013-2848)
    
      - A cross-site scripting vulnerability exists related to
        drag and drop or copy and paste.  (CVE-2013-2849)");
      # https://chromereleases.googleblog.com/2013/05/stable-channel-release.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?20897151");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Google Chrome 27.0.1453.93 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2846");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/23");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    
    include("google_chrome_version.inc");
    
    get_kb_item_or_exit("SMB/Google_Chrome/Installed");
    
    installs = get_kb_list("SMB/Google_Chrome/*");
    google_chrome_check_version(installs:installs, fix:'27.0.1453.93', xss:TRUE, severity:SECURITY_HOLE);
    
  • NASL familyWindows
    NASL idITUNES_11_1_4.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is older than 11.1.4. It is, therefore, potentially affected by several issues : - The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the
    last seen2020-06-01
    modified2020-06-02
    plugin id72104
    published2014-01-23
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72104
    titleApple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72104);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id(
        "CVE-2011-3102",
        "CVE-2012-0841",
        "CVE-2012-2807",
        "CVE-2012-2825",
        "CVE-2012-2870",
        "CVE-2012-2871",
        "CVE-2012-5134",
        "CVE-2013-1024",
        "CVE-2013-1037",
        "CVE-2013-1038",
        "CVE-2013-1039",
        "CVE-2013-1040",
        "CVE-2013-1041",
        "CVE-2013-1042",
        "CVE-2013-1043",
        "CVE-2013-1044",
        "CVE-2013-1045",
        "CVE-2013-1046",
        "CVE-2013-1047",
        "CVE-2013-2842",
        "CVE-2013-5125",
        "CVE-2013-5126",
        "CVE-2013-5127",
        "CVE-2013-5128",
        "CVE-2014-1242"
      );
      script_bugtraq_id(
        52107,
        53540,
        54203,
        54718,
        55331,
        56684,
        60067,
        60368,
        62551,
        62553,
        62554,
        62556,
        62557,
        62558,
        62559,
        62560,
        62563,
        62565,
        62567,
        62568,
        62569,
        62570,
        62571,
        65088
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-01-22-1");
    
      script_name(english:"Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check)");
      script_summary(english:"Checks version of iTunes on Windows");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains an application that has multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes installed on the remote Windows host is
    older than 11.1.4. It is, therefore, potentially affected by several
    issues :
    
      - The included versions of WebKit, libxml, and libxslt
        contain several errors that could lead to memory
        corruption and possibly arbitrary code execution. The
        vendor notes that one possible attack vector is a
        man-in-the-middle attack while the application browses
        the 'iTunes Store'. (CVE-2011-3102, CVE-2012-0841,
        CVE-2012-2807, CVE-2012-2825, CVE-2012-2870,
        CVE-2012-2871, CVE-2012-5134, CVE-2013-1037,
        CVE-2013-1038, CVE-2013-1039, CVE-2013-1040,
        CVE-2013-1041, CVE-2013-1042, CVE-2013-1043,
        CVE-2013-1044, CVE-2013-1045, CVE-2013-1046,
        CVE-2013-1047, CVE-2013-2842, CVE-2013-5125,
        CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
    
      - An error exists related to text tracks in movie files
        that could allow denial of service or arbitrary code
        execution. (CVE-2013-1024)
    
      - An error exists related to the iTunes Tutorials window
        that could allow an attacker in a privileged network
        location to inject content. (CVE-2014-1242)");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6001");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/530870/30/0/threaded");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple iTunes 11.1.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2842");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/23");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_detect.nasl");
      script_require_keys("SMB/iTunes/Version");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    version = get_kb_item_or_exit("SMB/iTunes/Version");
    path = get_kb_item_or_exit("SMB/iTunes/Path");
    
    fixed_version = "11.1.4.62";
    if (ver_compare(ver:version, fix:fixed_version) < 0)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : '+path+
          '\n  Installed version : '+version+
          '\n  Fixed version     : '+fixed_version+'\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2695.NASL
    descriptionSeveral vulnerabilities have been discovered in the Chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected. - CVE-2013-2837 Use-after-free vulnerability in the SVG implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - CVE-2013-2838 Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. - CVE-2013-2839 Chromium before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. - CVE-2013-2840 Use-after-free vulnerability in the media loader in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846. - CVE-2013-2841 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources. - CVE-2013-2842 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. - CVE-2013-2843 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data. - CVE-2013-2844 Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution. - CVE-2013-2845 The Web Audio implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. - CVE-2013-2846 Use-after-free vulnerability in the media loader in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840. - CVE-2013-2847 Race condition in the workers implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors. - CVE-2013-2848 The XSS Auditor in Chromium before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors. - CVE-2013-2849 Multiple cross-site scripting (XSS) vulnerabilities in Chromium before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
    last seen2020-03-17
    modified2013-05-30
    plugin id66676
    published2013-05-30
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66676
    titleDebian DSA-2695-1 : chromium-browser - several issues
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2695. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66676);
      script_version("1.13");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-2837", "CVE-2013-2838", "CVE-2013-2839", "CVE-2013-2840", "CVE-2013-2841", "CVE-2013-2842", "CVE-2013-2843", "CVE-2013-2844", "CVE-2013-2845", "CVE-2013-2846", "CVE-2013-2847", "CVE-2013-2848", "CVE-2013-2849");
      script_bugtraq_id(60063, 60064, 60065, 60066, 60067, 60068, 60069, 60070, 60071, 60072, 60073, 60074, 60076);
      script_xref(name:"DSA", value:"2695");
    
      script_name(english:"Debian DSA-2695-1 : chromium-browser - several issues");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Chromium web
    browser. Multiple use-after-free, out-of-bounds read, memory safety,
    and cross-site scripting issues were discovered and corrected.
    
      - CVE-2013-2837
        Use-after-free vulnerability in the SVG implementation
        allows remote attackers to cause a denial of service or
        possibly have unspecified other impact via unknown
        vectors.
    
      - CVE-2013-2838
        Google V8, as used in Chromium before 27.0.1453.93,
        allows remote attackers to cause a denial of service
        (out-of-bounds read) via unspecified vectors.
    
      - CVE-2013-2839
        Chromium before 27.0.1453.93 does not properly perform a
        cast of an unspecified variable during handling of
        clipboard data, which allows remote attackers to cause a
        denial of service or possibly have other impact via
        unknown vectors.
    
      - CVE-2013-2840
        Use-after-free vulnerability in the media loader in
        Chromium before 27.0.1453.93 allows remote attackers to
        cause a denial of service or possibly have unspecified
        other impact via unknown vectors, a different
        vulnerability than CVE-2013-2846.
    
      - CVE-2013-2841
        Use-after-free vulnerability in Chromium before
        27.0.1453.93 allows remote attackers to cause a denial
        of service or possibly have unspecified other impact via
        vectors related to the handling of Pepper resources.
    
      - CVE-2013-2842
        Use-after-free vulnerability in Chromium before
        27.0.1453.93 allows remote attackers to cause a denial
        of service or possibly have unspecified other impact via
        vectors related to the handling of widgets.
    
      - CVE-2013-2843
        Use-after-free vulnerability in Chromium before
        27.0.1453.93 allows remote attackers to cause a denial
        of service or possibly have unspecified other impact via
        vectors related to the handling of speech data.
    
      - CVE-2013-2844
        Use-after-free vulnerability in the Cascading Style
        Sheets (CSS) implementation in Chromium before
        27.0.1453.93 allows remote attackers to cause a denial
        of service or possibly have unspecified other impact via
        vectors related to style resolution.
    
      - CVE-2013-2845
        The Web Audio implementation in Chromium before
        27.0.1453.93 allows remote attackers to cause a denial
        of service (memory corruption) or possibly have
        unspecified other impact via unknown vectors.
    
      - CVE-2013-2846
        Use-after-free vulnerability in the media loader in
        Chromium before 27.0.1453.93 allows remote attackers to
        cause a denial of service or possibly have unspecified
        other impact via unknown vectors, a different
        vulnerability than CVE-2013-2840.
    
      - CVE-2013-2847
        Race condition in the workers implementation in Chromium
        before 27.0.1453.93 allows remote attackers to cause a
        denial of service (use-after-free and application crash)
        or possibly have unspecified other impact via unknown
        vectors.
    
      - CVE-2013-2848
        The XSS Auditor in Chromium before 27.0.1453.93 might
        allow remote attackers to obtain sensitive information
        via unspecified vectors.
    
      - CVE-2013-2849
        Multiple cross-site scripting (XSS) vulnerabilities in
        Chromium before 27.0.1453.93 allow user-assisted remote
        attackers to inject arbitrary web script or HTML via
        vectors involving a (1) drag-and-drop or (2)
        copy-and-paste operation."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2844"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2848"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/chromium-browser"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2695"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the chromium-browser packages.
    
    For the oldstable distribution (squeeze), the security support window
    for Chromium has ended. Users of Chromium on oldstable are very highly
    encouraged to upgrade to the current stable Debian release (wheezy).
    Chromium security support for wheezy will last until the next stable
    release (jessie), which is expected to happen sometime in 2015.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 27.0.1453.93-1~deb7u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-browser");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"chromium", reference:"27.0.1453.93-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser", reference:"27.0.1453.93-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser-dbg", reference:"27.0.1453.93-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser-inspector", reference:"27.0.1453.93-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-browser-l10n", reference:"27.0.1453.93-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-dbg", reference:"27.0.1453.93-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-inspector", reference:"27.0.1453.93-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"chromium-l10n", reference:"27.0.1453.93-1~deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI6_1.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X 10.7 or 10.8 host is earlier than 6.1. It is, therefore, potentially affected by several issues : - A bounds-checking issue exists related to handling XML files. (CVE-2013-1036) - Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution. (CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128) - An error exists related to URL handling that could lead to information disclosure. (CVE-2013-2848) - A cross-site scripting issue exists in WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id70563
    published2013-10-23
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70563
    titleMac OS X : Apple Safari < 6.1 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70563);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-1036",
        "CVE-2013-1037",
        "CVE-2013-1038",
        "CVE-2013-1039",
        "CVE-2013-1040",
        "CVE-2013-1041",
        "CVE-2013-1042",
        "CVE-2013-1043",
        "CVE-2013-1044",
        "CVE-2013-1045",
        "CVE-2013-1046",
        "CVE-2013-1047",
        "CVE-2013-2842",
        "CVE-2013-2848",
        "CVE-2013-5125",
        "CVE-2013-5126",
        "CVE-2013-5127",
        "CVE-2013-5128",
        "CVE-2013-5129",
        "CVE-2013-5130",
        "CVE-2013-5131",
        "CVE-2013-7127"
      );
      script_bugtraq_id(
        60067,
        60073,
        62537,
        62539,
        62541,
        62551,
        62553,
        62554,
        62556,
        62557,
        62558,
        62559,
        62560,
        62563,
        62565,
        62567,
        62568,
        62569,
        62570,
        62571,
        63289,
        64409
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-10-22-2");
    
      script_name(english:"Mac OS X : Apple Safari < 6.1 Multiple Vulnerabilities");
      script_summary(english:"Check the Safari SourceVersion");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by several
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple Safari installed on the remote Mac OS X 10.7 or
    10.8 host is earlier than 6.1. It is, therefore, potentially affected
    by several issues :
    
      - A bounds-checking issue exists related to handling XML
        files. (CVE-2013-1036)
    
      - Multiple memory corruption vulnerabilities exist in
        WebKit that could lead to unexpected program termination
        or arbitrary code execution. (CVE-2013-1037,
        CVE-2013-1038, CVE-2013-1039, CVE-2013-1040,
        CVE-2013-1041, CVE-2013-1042, CVE-2013-1043,
        CVE-2013-1044, CVE-2013-1045, CVE-2013-1046,
        CVE-2013-1047, CVE-2013-2842, CVE-2013-5125,
        CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
    
      - An error exists related to URL handling that could lead
        to information disclosure. (CVE-2013-2848)
    
      - A cross-site scripting issue exists in WebKit's handling
        of URLs and drag-and-drop operations. (CVE-2013-5129,
        CVE-2013-5131)
    
      - Using 'Web Inspector' could negate 'Private Browsing'
        protections leading to information disclosure.
        (CVE-2013-5130)
    
      - An error exists related to the 'Reopen All Windows
        from Last Session' feature that could allow a local
        attacker to obtain plaintext user ID and password
        information from the 'LastSession.plist' file.
        (CVE-2013-7127)");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6000");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html");
      script_set_attribute(attribute:"see_also", value:"http://www.securelist.com/en/blog/8168/Loophole_in_Safari");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple Safari 6.1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2842");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/23");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_Safari31.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    if (!ereg(pattern:"Mac OS X 10\.[78]([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.7 / 10.8");
    
    get_kb_item_or_exit("MacOSX/Safari/Installed");
    path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
    version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);
    
    fixed_version = "6.1";
    
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      set_kb_item(name:"www/0/XSS", value:TRUE);
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Safari", version, path);
    
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_11_1_2_BANNER.NASL
    descriptionThe version of Apple iTunes on the remote host is prior to version 11.1.2. It is, therefore, affected by multiple vulnerabilities : - An uninitialized memory access error exists in the handling of text tracks. By using a specially crafted movie file, a remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2013-1024) - The included versions of the WebKit, libxml, and libxslt components in iTunes contain several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in- the-middle attack while the application browses the
    last seen2020-06-01
    modified2020-06-02
    plugin id70589
    published2013-10-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70589
    titleApple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70589);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2011-3102",
        "CVE-2012-0841",
        "CVE-2012-2807",
        "CVE-2012-2825",
        "CVE-2012-2870",
        "CVE-2012-2871",
        "CVE-2012-5134",
        "CVE-2013-1024",
        "CVE-2013-1037",
        "CVE-2013-1038",
        "CVE-2013-1039",
        "CVE-2013-1040",
        "CVE-2013-1041",
        "CVE-2013-1042",
        "CVE-2013-1043",
        "CVE-2013-1044",
        "CVE-2013-1045",
        "CVE-2013-1046",
        "CVE-2013-1047",
        "CVE-2013-2842",
        "CVE-2013-5125",
        "CVE-2013-5126",
        "CVE-2013-5127",
        "CVE-2013-5128"
      );
      script_bugtraq_id(
        52107,
        53540,
        54203,
        54718,
        55331,
        56684,
        60067,
        60368,
        62551,
        62553,
        62554,
        62556,
        62557,
        62558,
        62559,
        62560,
        62563,
        62565,
        62567,
        62568,
        62569,
        62570,
        62571
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-10-22-8");
    
      script_name(english:"Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check)");
      script_summary(english:"Checks the version of iTunes.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a multimedia application that has multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes on the remote host is prior to version
    11.1.2. It is, therefore, affected by multiple vulnerabilities :
    
      - An uninitialized memory access error exists in the
        handling of text tracks. By using a specially crafted
        movie file, a remote attacker can exploit this to cause
        a denial of service or execute arbitrary code.
        (CVE-2013-1024)
    
      - The included versions of the WebKit, libxml, and libxslt
        components in iTunes contain several errors that can
        lead to memory corruption and arbitrary code execution.
        The vendor states that one possible vector is a man-in-
        the-middle attack while the application browses the
        'iTunes Store'.
        (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807,
        CVE-2012-2825, CVE-2012-2870, CVE-2012-2871,
        CVE-2012-5134, CVE-2013-1037, CVE-2013-1038,
        CVE-2013-1039, CVE-2013-1040, CVE-2013-1041,
        CVE-2013-1042, CVE-2013-1043, CVE-2013-1044,
        CVE-2013-1045, CVE-2013-1046, CVE-2013-1047,
        CVE-2013-2842, CVE-2013-5125, CVE-2013-5126,
        CVE-2013-5127, CVE-2013-5128)");
      # https://web.archive.org/web/20131026094619/http://support.apple.com/kb/HT6001
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c88f1609");
      script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple iTunes 11.1.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2842");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/24");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Peer-To-Peer File Sharing");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_sharing.nasl");
      script_require_keys("iTunes/sharing");
      script_require_ports("Services/www", 3689);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);
    
    get_kb_item_or_exit("iTunes/" + port + "/enabled");
    
    type = get_kb_item_or_exit("iTunes/" + port + "/type");
    source = get_kb_item_or_exit("iTunes/" + port + "/source");
    version = get_kb_item_or_exit("iTunes/" + port + "/version");
    
    if (type != 'Windows') audit(AUDIT_OS_NOT, "Windows");
    
    fixed_version = "11.1.2";
    
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report = '\n  Version source    : ' + source +
                 '\n  Installed version : ' + version +
                 '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "iTunes", port, version);
    
  • NASL familyWindows
    NASL idITUNES_11_1_2.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is older than 11.1.2. It is, therefore, potentially affected by several issues : - An uninitialized memory access issue exists in the handling of text tracks, which could lead to memory corruption and possibly arbitrary code execution. (CVE-2013-1024) - The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the
    last seen2020-06-01
    modified2020-06-02
    plugin id70588
    published2013-10-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70588
    titleApple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70588);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2011-3102",
        "CVE-2012-0841",
        "CVE-2012-2807",
        "CVE-2012-2825",
        "CVE-2012-2870",
        "CVE-2012-2871",
        "CVE-2012-5134",
        "CVE-2013-1024",
        "CVE-2013-1037",
        "CVE-2013-1038",
        "CVE-2013-1039",
        "CVE-2013-1040",
        "CVE-2013-1041",
        "CVE-2013-1042",
        "CVE-2013-1043",
        "CVE-2013-1044",
        "CVE-2013-1045",
        "CVE-2013-1046",
        "CVE-2013-1047",
        "CVE-2013-2842",
        "CVE-2013-5125",
        "CVE-2013-5126",
        "CVE-2013-5127",
        "CVE-2013-5128"
      );
      script_bugtraq_id(
        52107,
        53540,
        54203,
        54718,
        55331,
        56684,
        60067,
        60368,
        62551,
        62553,
        62554,
        62556,
        62557,
        62558,
        62559,
        62560,
        62563,
        62565,
        62567,
        62568,
        62569,
        62570,
        62571
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-10-22-8");
    
      script_name(english:"Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check)");
      script_summary(english:"Checks version of iTunes on Windows");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains an application that has multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes installed on the remote Windows host is
    older than 11.1.2. It is, therefore, potentially affected by several
    issues :
    
      - An uninitialized memory access issue exists in the
        handling of text tracks, which could lead to memory
        corruption and possibly arbitrary code execution.
        (CVE-2013-1024)
    
      - The included versions of WebKit, libxml, and libxslt
        contain several errors that could lead to memory
        corruption and possibly arbitrary code execution. The
        vendor notes that one possible attack vector is a
        man-in-the-middle attack while the application browses
        the 'iTunes Store'.
        (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807,
        CVE-2012-2825, CVE-2012-2870, CVE-2012-2871,
        CVE-2012-5134, CVE-2013-1037, CVE-2013-1038,
        CVE-2013-1039, CVE-2013-1040, CVE-2013-1041,
        CVE-2013-1042, CVE-2013-1043, CVE-2013-1044,
        CVE-2013-1045, CVE-2013-1046, CVE-2013-1047,
        CVE-2013-2842, CVE-2013-5125, CVE-2013-5126,
        CVE-2013-5127, CVE-2013-5128)");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6001");
      script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple iTunes 11.1.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2842");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_detect.nasl");
      script_require_keys("SMB/iTunes/Version");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    version = get_kb_item_or_exit("SMB/iTunes/Version");
    fixed_version = "11.1.2.31";
    path = get_kb_item_or_exit("SMB/iTunes/Path");
    
    if (ver_compare(ver:version, fix:fixed_version) == -1)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : '+path+
          '\n  Installed version : '+version+
          '\n  Fixed version     : '+fixed_version+'\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70112
    published2013-09-25
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70112
    titleGLSA-201309-16 : Chromium, V8: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201309-16.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70112);
      script_version("1.26");
      script_cvs_date("Date: 2018/07/12 15:01:52");
    
      script_cve_id("CVE-2012-5116", "CVE-2012-5117", "CVE-2012-5118", "CVE-2012-5120", "CVE-2012-5121", "CVE-2012-5122", "CVE-2012-5123", "CVE-2012-5124", "CVE-2012-5125", "CVE-2012-5126", "CVE-2012-5127", "CVE-2012-5128", "CVE-2012-5130", "CVE-2012-5132", "CVE-2012-5133", "CVE-2012-5135", "CVE-2012-5136", "CVE-2012-5137", "CVE-2012-5138", "CVE-2012-5139", "CVE-2012-5140", "CVE-2012-5141", "CVE-2012-5142", "CVE-2012-5143", "CVE-2012-5144", "CVE-2012-5145", "CVE-2012-5146", "CVE-2012-5147", "CVE-2012-5148", "CVE-2012-5149", "CVE-2012-5150", "CVE-2012-5151", "CVE-2012-5152", "CVE-2012-5153", "CVE-2012-5154", "CVE-2013-0828", "CVE-2013-0829", "CVE-2013-0830", "CVE-2013-0831", "CVE-2013-0832", "CVE-2013-0833", "CVE-2013-0834", "CVE-2013-0835", "CVE-2013-0836", "CVE-2013-0837", "CVE-2013-0838", "CVE-2013-0839", "CVE-2013-0840", "CVE-2013-0841", "CVE-2013-0842", "CVE-2013-0879", "CVE-2013-0880", "CVE-2013-0881", "CVE-2013-0882", "CVE-2013-0883", "CVE-2013-0884", "CVE-2013-0885", "CVE-2013-0887", "CVE-2013-0888", "CVE-2013-0889", "CVE-2013-0890", "CVE-2013-0891", "CVE-2013-0892", "CVE-2013-0893", "CVE-2013-0894", "CVE-2013-0895", "CVE-2013-0896", "CVE-2013-0897", "CVE-2013-0898", "CVE-2013-0899", "CVE-2013-0900", "CVE-2013-0902", "CVE-2013-0903", "CVE-2013-0904", "CVE-2013-0905", "CVE-2013-0906", "CVE-2013-0907", "CVE-2013-0908", "CVE-2013-0909", "CVE-2013-0910", "CVE-2013-0911", "CVE-2013-0912", "CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0919", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926", "CVE-2013-2836", "CVE-2013-2837", "CVE-2013-2838", "CVE-2013-2839", "CVE-2013-2840", "CVE-2013-2841", "CVE-2013-2842", "CVE-2013-2843", "CVE-2013-2844", "CVE-2013-2845", "CVE-2013-2846", "CVE-2013-2847", "CVE-2013-2848", "CVE-2013-2849", "CVE-2013-2853", "CVE-2013-2855", "CVE-2013-2856", "CVE-2013-2857", "CVE-2013-2858", "CVE-2013-2859", "CVE-2013-2860", "CVE-2013-2861", "CVE-2013-2862", "CVE-2013-2863", "CVE-2013-2865", "CVE-2013-2867", "CVE-2013-2868", "CVE-2013-2869", "CVE-2013-2870", "CVE-2013-2871", "CVE-2013-2874", "CVE-2013-2875", "CVE-2013-2876", "CVE-2013-2877", "CVE-2013-2878", "CVE-2013-2879", "CVE-2013-2880", "CVE-2013-2881", "CVE-2013-2882", "CVE-2013-2883", "CVE-2013-2884", "CVE-2013-2885", "CVE-2013-2886", "CVE-2013-2887", "CVE-2013-2900", "CVE-2013-2901", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2905");
      script_bugtraq_id(56413, 56684, 56741, 56903, 58318, 58388, 58723, 58724, 58725, 58727, 58728, 58729, 58730, 58731, 58732, 58733, 58734, 59326, 59327, 59328, 59330, 59331, 59332, 59334, 59336, 59337, 59338, 59339, 59340, 59342, 59343, 59344, 59345, 59346, 59347, 59349, 59351, 59413, 59414, 59415, 59416, 59417, 59418, 59419, 59420, 59422, 59423, 59425, 59427, 59428, 59429, 59430, 59431, 59433, 59435, 59436, 59437, 59438, 59515, 59516, 59518, 59520, 59521, 59522, 59523, 59524, 59680, 59681, 59682, 59683, 60062, 60063, 60064, 60065, 60066, 60067, 60068, 60069, 60070, 60071, 60072, 60073, 60074, 60076, 60395, 60396, 60397, 60398, 60399, 60400, 60401, 60403, 60404, 60405, 61046, 61047, 61049, 61050, 61051, 61052, 61054, 61055, 61057, 61059, 61060, 61061, 61547, 61548, 61549, 61550, 61551, 61552, 61885, 61886, 61887, 61888, 61889, 61890, 61891);
      script_xref(name:"GLSA", value:"201309-16");
    
      script_name(english:"GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201309-16
    (Chromium, V8: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Chromium and V8. Please
          review the CVE identifiers and release notes referenced below for
          details.
      
    Impact :
    
        A context-dependent attacker could entice a user to open a specially
          crafted website or JavaScript program using Chromium or V8, possibly
          resulting in the execution of arbitrary code with the privileges of the
          process or a Denial of Service condition. Furthermore, a remote attacker
          may be able to bypass security restrictions or have other, unspecified,
          impact.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      # https://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0b9b0b08"
      );
      # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2f59319e"
      );
      # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ee73f07e"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201309-16"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Chromium users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=www-client/chromium-29.0.1457.57'
        All V8 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.18.5.14'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:v8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 29.0.1457.57"), vulnerable:make_list("lt 29.0.1457.57"))) flag++;
    if (qpkg_check(package:"dev-lang/v8", unaffected:make_list("ge 3.18.5.14"), vulnerable:make_list("lt 3.18.5.14"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / V8");
    }
    
  • NASL familyMisc.
    NASL idAPPLETV_6_0.NASL
    descriptionAccording to its banner, the remote Apple TV 2nd generation or later device is prior to 6.0. It is, therefore, reportedly affected by multiple vulnerabilities, the most serious issues of which could result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id70257
    published2013-10-01
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70257
    titleApple TV < 6.0 Multiple Vulnerabilities
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_11_1_4_BANNER.NASL
    descriptionThe version of Apple iTunes on the remote host is prior to version 11.1.4. It is, therefore, affected by multiple vulnerabilities : - The included versions of the WebKit, libxml, and libxslt components in iTunes contain several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in- the-middle attack while the application browses the
    last seen2020-06-01
    modified2020-06-02
    plugin id72105
    published2014-01-23
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72105
    titleApple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check)

Oval

accepted2013-08-12T04:08:09.756-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionUse-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
familywindows
idoval:org.mitre.oval:def:15914
statusaccepted
submitted2013-05-28T12:09:14.598-04:00
titleUse-after-free vulnerability in Google Chrome before 27.0.1453.93 via vectors related to the handling of widgets
version42