Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1179

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2011-1179
Last Modified 20 Apr 2011 12:00:00
Published 18 Apr 2011 01:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-1179

Summary

The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer.

Vulnerable Systems

Application

  • Redhat Spice-xpi 2.2

  • Redhat Spice-xpi 2.3

  • Redhat Spice-xpi 2.4


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=689931

MISC - https://bugzilla.redhat.com/attachment.cgi?id=487006&action=diff

XF - spicexpi-pointer-privilege-escalation(66777)

VUPEN - ADV-2011-0899

SECTRACK - 1025304

BID - 47269

REDHAT - RHSA-2011:0427

REDHAT - RHSA-2011:0426

SECUNIA - 44060


Last Updated: 27 May 2016 10:56:12