Vulnerability Details : CVE-2012-5136
Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2012-5136
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.88:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.83:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.84:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.85:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.86:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.87:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:23.0.1271.62:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5136
1.62%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5136
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2012-5136
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5136
-
http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15929
Repository / Oval Repository
-
http://www.securityfocus.com/bid/56684
Google Chrome Prior to 23.0.1271.91 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id?1027815
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/80296
Google Chrome input element code execution CVE-2012-5136 Vulnerability Report
-
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html
[security-announce] openSUSE-SU-2012:1637-1: important: Chromium to 25.0Third Party Advisory
-
https://code.google.com/p/chromium/issues/detail?id=159829
159829 - Heap-buffer-overflow in WebCore::HTMLInputElement::isImageButton - chromium - MonorailPatch;Issue Tracking
Jump to