CVE-2011-3640
CVSS V2 High 7.1
CVSS V3 None
Description
** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
Overview
- CVE ID
- CVE-2011-3640
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2011-10-28T02:49:53
- Last Modified Date
- 2023-02-12T20:15:11
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | 1 | OR | 17.0 | |
| cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:H/Au:S/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- HIGH
- Authentication
- SINGLE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 7.1
- Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 10
References
| Reference URL | Reference Tags |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=641052 | Issue Tracking Patch Third Party Advisory |
| http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html | Exploit Third Party Advisory |
| http://code.google.com/p/chromium/issues/detail?id=97426 | Exploit Issue Tracking Patch Vendor Advisory |
| http://securityreason.com/securityalert/8483 | Third Party Advisory |
| https://hermes.opensuse.org/messages/13154861 | Broken Link |
| https://hermes.opensuse.org/messages/13155432 | Broken Link |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414 | Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2011-3640 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 16:07:31 | Added to TrackCVE | |||
| 2023-02-12 21:03:34 | 2023-02-12T20:15:11 | CVE Modified Date | updated | |
| 2023-02-12 21:03:34 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-02-12 21:03:34 | ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." | ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." | Description | updated |