CVE-2011-1300

Current Description

The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.

Basic Data

Published: April 15, 2011
Last Modified: July 18, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-189
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
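      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | Application | Mozilla | Firefox | 4.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta1 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta10 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta11 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta12 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta2 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta3 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta4 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta5 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta6 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta7 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta8 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Mozilla | Firefox | 4.0 | beta9 | * | * | * | * | * | * | | | | |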
    • OR Running on/with:
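      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | OS | Microsoft | Windows | - | * | * | * | * | * | * | * | | | | |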
  • AND
    • OR - Configuration 2
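      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | Application | Google | Chrome | * | * | * | * | * | * | * | * | | | | 10.0.648.205 |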
    • OR Running on/with:
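      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | OS | Microsoft | Windows | - | * | * | * | * | * | * | * | | | | |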

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 4.0 |
| Google | Chrome | * |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| http://code.google.com/p/angleproject/source/detail?r=611 | CONFIRM | http://code.google.com/p/angleproject/source/detail?r=611 | Vendor Advisory |
| http://code.google.com/p/chromium/issues/detail?id=70070 | CONFIRM | http://code.google.com/p/chromium/issues/detail?id=70070 | Vendor Advisory |
| http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html | CONFIRM | http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html | Vendor Advisory |
| 44141 | SECUNIA | http://secunia.com/advisories/44141 | Vendor Advisory |
| http://www.mozilla.org/security/announce/2011/mfsa2011-17.html | CONFIRM | http://www.mozilla.org/security/announce/2011/mfsa2011-17.html | Vendor Advisory |
| 47377 | BID | http://www.securityfocus.com/bid/47377 | Third Party Advisory, VDB Entry |
| 1025377 | SECTRACK | http://www.securitytracker.com/id?1025377 | Third Party Advisory, VDB Entry |
| ADV-2011-1006 | VUPEN | http://www.vupen.com/english/advisories/2011/1006 | Vendor Advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=623791 | CONFIRM | https://bugzilla.mozilla.org/show_bug.cgi?id=623791 | Issue Tracking, Vendor Advisory |
| chrome-gpu-dos(66766) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/66766 | Third Party Advisory, VDB Entry |
| oval:org.mitre.oval:def:14466 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14466 | Third Party Advisory |