Vulnerability Details : CVE-2012-1845
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
Vulnerability category: Memory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2012-1845
Probability of exploitation activity in the next 30 days: 3.53%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-1845
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2012-1845
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1845
-
http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/
Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)Press/Media Coverage
-
http://pwn2own.zerodayinitiative.com/status.html
Home | Zero Day InitiativeNot Applicable;Third Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14843
Repository / Oval RepositoryThird Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/74323
Google Chrome DEP code execution CVE-2012-1845 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588
Pwn2Own 2012: Google Chrome browser sandbox first to fall | ZDNetPress/Media Coverage
Products affected by CVE-2012-1845
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*