Vulnerability Details : CVE-2011-3909
The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
Vulnerability category: OverflowMemory CorruptionDenial of service
Products affected by CVE-2011-3909
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3909
2.58%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3909
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-3909
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3909
-
http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
http://code.google.com/p/chromium/issues/detail?id=101010
101010 - Security: css/CSSParser.cpp memory corruption bug - chromium - MonorailExploit;Issue Tracking;Vendor Advisory
-
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://secunia.com/advisories/48288
Sign inThird Party Advisory
-
http://secunia.com/advisories/48274
Sign inThird Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/73808
Apple WebKit unspecified code execution CVE-2011-3909 Vulnerability ReportThird Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14579
Repository / Oval RepositoryThird Party Advisory
-
http://secunia.com/advisories/48377
Sign inThird Party Advisory
-
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://www.securitytracker.com/id?1026774
Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
Jump to