CVE-2011-1202 — MEDIUM (4.3)

Q: How severe is CVE-2011-1202?

CVE-2011-1202 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1202?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Xmlsoft Libxslt.

Vulnerability Description

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Google	Chrome	< 10.0.648.127
Xmlsoft	Libxslt	<= 1.1.26

Related Weaknesses (CWE)

CWE-200

References

http://code.google.com/p/chromium/issues/detail?id=73716ExploitIssue TrackingPatch
http://downloads.avaya.com/css/P8/documents/100144158Third Party Advisory
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46PatchThird Party Advisory
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.htmlVendor Advisory
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-iThird Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164Third Party Advisory
http://www.securityfocus.com/bid/46785Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2011/0628Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=684386Issue TrackingThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=73716ExploitIssue TrackingPatch
http://downloads.avaya.com/css/P8/documents/100144158Third Party Advisory
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46PatchThird Party Advisory

FAQ

What is CVE-2011-1202?

CVE-2011-1202 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensiti...

How severe is CVE-2011-1202?

CVE-2011-1202 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1202?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Xmlsoft Libxslt.