CVE-2012-5376 - OpenCVE

The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html
http://code.google.com/p/chromium/issues/detail?id=154983
http://code.google.com/p/chromium/issues/detail?id=154987
http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html
http://osvdb.org/86156
http://secunia.com/advisories/50954
https://exchange.xforce.ibmcloud.com/vulnerabilities/79186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15156

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-10-11T10:00:00

Updated: 2024-08-06T21:05:46.648Z

Reserved: 2012-10-11T00:00:00

Link: CVE-2012-5376

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-10-11T10:51:57.097

Modified: 2019-09-27T17:19:16.480

Link: CVE-2012-5376

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-10T00:00:00", "descriptions": [{"lang": "en", "value": "The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:15156", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15156"}, {"name": "50954", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50954"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://code.google.com/p/chromium/issues/detail?id=154983"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html"}, {"name": "86156", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/86156"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://code.google.com/p/chromium/issues/detail?id=154987"}, {"name": "google-chrome-ipc-sec-bypass(79186)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79186"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5376", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:15156", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15156"}, {"name": "50954", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50954"}, {"name": "http://code.google.com/p/chromium/issues/detail?id=154983", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=154983"}, {"name": "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html"}, {"name": "86156", "refsource": "OSVDB", "url": "http://osvdb.org/86156"}, {"name": "http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html", "refsource": "CONFIRM", "url": "http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html"}, {"name": "http://code.google.com/p/chromium/issues/detail?id=154987", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=154987"}, {"name": "google-chrome-ipc-sec-bypass(79186)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79186"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:05:46.648Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:15156", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15156"}, {"name": "50954", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50954"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://code.google.com/p/chromium/issues/detail?id=154983"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html"}, {"name": "86156", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/86156"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://code.google.com/p/chromium/issues/detail?id=154987"}, {"name": "google-chrome-ipc-sec-bypass(79186)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79186"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5376", "datePublished": "2012-10-11T10:00:00", "dateReserved": "2012-10-11T00:00:00", "dateUpdated": "2024-08-06T21:05:46.648Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "31CA07B3-F5E8-4E47-BC96-B63ABEF00FB5", "versionEndExcluding": "22.0.1229.94", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112."}, {"lang": "es", "value": "La implementaci\u00f3n de Inter-process Communication (IPC) en Google Chrome anteriores a v22.0.1229.94 permite a atacantes remotos evitar las restricciones del entorno de ejecuci\u00f3n seguro \"sandbox\" establecidos y escribir en ficheros aprovechando el acceso a procesos de renderizado, es una vulnerabilidad distinta a CVE-2012-5112."}], "id": "CVE-2012-5376", "lastModified": "2019-09-27T17:19:16.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2012-10-11T10:51:57.097", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://code.google.com/p/chromium/issues/detail?id=154983"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://code.google.com/p/chromium/issues/detail?id=154987"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://osvdb.org/86156"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50954"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79186"}, {"source": "cve@mitre.org", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15156"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}