Vulnerability Details : CVE-2011-2600

The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.

Vulnerability category: Denial of service

Published 2011-06-30 15:55:05

Updated 2011-07-12 04:00:00

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2011-2600

Probability of exploitation activity in the next 30 days: 0.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-2600

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C	8.6	6.9	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2011-2600

CWE-264

Assigned by: [email protected] (Primary)

References for CVE-2011-2600

http://www.contextis.com/resources/blog/webgl/

Exploit

CVEs referencing this url

Products affected by CVE-2011-2600

Microsoft » Windows Xp
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
Matching versions