Vulnerability Details : CVE-2011-3640
Potential exploit
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
Products affected by CVE-2011-3640
Exploit prediction scoring system (EPSS) score for CVE-2011-3640
0.34%
Probability of exploitation activity in the next 30 days
~ 54 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3640
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | AV:N/AC:H/Au:S/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2011-3640
- The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3640
- http://securityreason.com/securityalert/8483
  Google Chrome pkcs11.txt File Planting - CXSecurity.com (Third Party Advisory)
- http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
  ACROS Security Blog: Google Chrome pkcs11.txt File Planting (Exploit; Third Party Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=641052
  641052 - (CVE-2011-3640) NSS_NoDB_Init should not try to open /pkcs11.txt and /secmod.db (Issue Tracking; Patch; Third Party Advisory)
- https://hermes.opensuse.org/messages/13155432
  openSUSE.org - 503 (Broken Link)
- https://hermes.opensuse.org/messages/13154861
  openSUSE.org - 503 (Broken Link)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414
  Repository / Oval Repository (Third Party Advisory)
- http://code.google.com/p/chromium/issues/detail?id=97426
  97426 - Security: pkcs11.txt file planting leads to remote code execution outside sandbox - chromium - Monorail (Exploit; Issue Tracking; Patch; Vendor Advisory)