Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2009-3264
Last Modified: 01 Oct 2009 01:24:33
Published: 18 Sep 2009 06:30:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-3264

Summary

The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document.

Vulnerable Systems

Application

  • Google Chrome 0.2.149.27

  • Google Chrome 0.2.149.29

  • Google Chrome 0.2.149.30

  • Google Chrome 0.2.152.1

  • Google Chrome 0.2.153.1

  • Google Chrome 0.3.154.0

  • Google Chrome 0.3.154.3

  • Google Chrome 0.4.154.18

  • Google Chrome 0.4.154.22

  • Google Chrome 0.4.154.31

  • Google Chrome 0.4.154.33

  • Google Chrome 1.0.154.36

  • Google Chrome 1.0.154.39

  • Google Chrome 1.0.154.42

  • Google Chrome 1.0.154.43

  • Google Chrome 1.0.154.46

  • Google Chrome 1.0.154.48

  • Google Chrome 1.0.154.52

  • Google Chrome 1.0.154.53

  • Google Chrome 1.0.154.59

  • Google Chrome 1.0.154.65

  • Google Chrome 2.0.156.1

  • Google Chrome 2.0.157.0

  • Google Chrome 2.0.157.2

  • Google Chrome 2.0.158.0

  • Google Chrome 2.0.159.0

  • Google Chrome 2.0.169.0

  • Google Chrome 2.0.169.1

  • Google Chrome 2.0.170.0

  • Google Chrome 2.0.172

  • Google Chrome 2.0.172.2

  • Google Chrome 2.0.172.27

  • Google Chrome 2.0.172.28

  • Google Chrome 2.0.172.30

  • Google Chrome 2.0.172.31

  • Google Chrome 2.0.172.33

  • Google Chrome 2.0.172.37

  • Google Chrome 2.0.172.38

  • Google Chrome 2.0.172.8

  • Google Chrome 3.0.182.2

  • Google Chrome 3.0.190.2

  • Google Chrome 3.0.193.2


References

BID - 36416

SECUNIA - 36770

OSVDB - 58193

CONFIRM - http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html

CONFIRM - http://code.google.com/p/chromium/issues/detail?id=21338


Last Updated: 27 May 2016 10:51:11