CVE-2012-1845 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2012-1845?

CVE-2012-1845 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-1845?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome.

Vulnerability Description

Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Google	Chrome	<= 17.0.963.66

Related Weaknesses (CWE)

CWE-416

References

http://pwn2own.zerodayinitiative.com/status.htmlNot ApplicableThird Party AdvisoryVDB Entry
http://twitter.com/vupen/statuses/177576000761237505Broken Link
http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-sPress/Media Coverage
http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-fiPress/Media Coverage
https://exchange.xforce.ibmcloud.com/vulnerabilities/74323Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://pwn2own.zerodayinitiative.com/status.htmlNot ApplicableThird Party AdvisoryVDB Entry
http://twitter.com/vupen/statuses/177576000761237505Broken Link
http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-sPress/Media Coverage
http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-fiPress/Media Coverage
https://exchange.xforce.ibmcloud.com/vulnerabilities/74323Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory

FAQ

What is CVE-2012-1845?

CVE-2012-1845 is a vulnerability with a CVSS score of 9.3 (HIGH). Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as ...

How severe is CVE-2012-1845?

CVE-2012-1845 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-1845?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome.