CVSS: 6.8EPSS: 0%CPEs: 43EXPL: 0CVE-2012-2832
https://notcve.org/view.php?id=CVE-2012-2832
The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. La implementación de imagen-codec en la funcionalidad PDF en Google Chrome anterior a v20.0.1132.43 no inicializa un puntero no especificado, permitiendo a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto desconocido a través de un documento manipulado. • http://code.google.com/p/chromium/issues/detail?id=131553 http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15455 •
CVSS: 7.2EPSS: 0%CPEs: 44EXPL: 1CVE-2012-2764 – Google Chrome 19.0.1084.52 - 'metro_driver.dll' DLL Loading Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-2764
Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory. Vulnerabilidad de path de búsqueda no confiable en Google Chrome anteriores a v20.0.1132.43 en Windows podría permitir a usuario locales obtener privilegios a través de un troyano Metro DLL en el directorio de trabajo actual. Google Chrome developers, while trying to be adaptive and current, added some windows 8 helper functions to aid the development of Metro style behavior, but does not include the library file itself, thus resulting in an unqualified dynamic-link library call to 'metro_driver.dll'. A user with local disk access can carefully construct a DLL that suits the pattern that is being traversed by the client and implement it somewhere along the search path and the client will load it seamlessly. • https://www.exploit-db.com/exploits/37510 http://code.google.com/p/chromium/issues/detail?id=130276 http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15375 •
CVSS: 7.5EPSS: 0%CPEs: 43EXPL: 0CVE-2012-2833
https://notcve.org/view.php?id=CVE-2012-2833
Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Desbordamiento de buffer en JS API en la funcionalidad PDF en Google Chrome anterior a v20.0.1132.43 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=132156 http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15584 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 43EXPL: 0CVE-2012-2815
https://notcve.org/view.php?id=CVE-2012-2815
Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain. Google Chrome anterior a v20.0.1132.43 permite a atacantes remotos obtener información potencialmente sensible a partir de un identificador de fragmento, aprovechando el acceso a un elemento IFRAME asociado a un dominio diferente. • http://code.google.com/p/chromium/issues/detail?id=118633 http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5503 https://hermes.opensuse.org/messages/15075728 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15662 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 43EXPL: 0CVE-2012-2830
https://notcve.org/view.php?id=CVE-2012-2830
Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors. Google Chrome anterior a v20.0.1132.43 no ajusta correctamente los valores de la matriz, lo que permite a atacantes remotos provocar una denegación de servicio (uso de puntero incorrecto) o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=129951 http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html https://hermes.opensuse.org/messages/15075728 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15483 •