CVE-2011-3640
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
** CONTROVERTIDO ** Vulnerabilidad de ruta de búsqueda no confiable de Mozilla Network Security Services (NSS), que se utiliza en Google Chrome anterior a v17 en Windows y Mac OS X, puede permitir a usuarios locales conseguir privilegios a través de un archivo troyano pkcs11.txt en un directorio de alto nivel. NOTA: La respuesta del vendedor fue " comportamiento extraño, pero no estamos tratando esto como un fallo de seguridad"
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-09-21 CVE Reserved
- 2011-10-28 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-426: Untrusted Search Path
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/8483 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414 | Signature |
| URL | Date | SRC |
|---|---|---|
| http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html | 2024-08-06 | |
| http://code.google.com/p/chromium/issues/detail?id=97426 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=641052 | 2024-05-17 |
| URL | Date | SRC |
|---|---|---|
| https://hermes.opensuse.org/messages/13154861 | 2024-05-17 | |
| https://hermes.opensuse.org/messages/13155432 | 2024-05-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 17.0 Search vendor "Google" for product "Chrome" and version " < 17.0" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 17.0 Search vendor "Google" for product "Chrome" and version " < 17.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|