Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-4203 | First vendor Publication | 2010-11-05 |
| Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 9.8 | ||
| Base Score | 9.8 | Environmental Score | 9.8 |
| impact SubScore | 5.9 | Temporal Score | 9.8 |
| Exploitabality Sub Score | 3.9 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4203 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12198 | |||
| Oval ID: | oval:org.mitre.oval:def:12198 | ||
| Title: | Vulnerability in WebM libvpx (aka the VP8 Codec SDK) in Google Chrome before 7.0.517.44 | ||
| Description: | WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4203 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12758 | |||
| Oval ID: | oval:org.mitre.oval:def:12758 | ||
| Title: | USN-1015-1 -- libvpx vulnerability | ||
| Description: | Christoph Diehl discovered that libvpx did not properly perform bounds checking. If an application using libvpx opened a specially crafted WebM file, an attacker could cause a denial of service or possibly execute code as the user invoking the program. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1015-1 CVE-2010-4203 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 | Product(s): | libvpx |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22286 | |||
| Oval ID: | oval:org.mitre.oval:def:22286 | ||
| Title: | RHSA-2010:0999: libvpx security update (Moderate) | ||
| Description: | WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0999-01 CVE-2010-4203 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | libvpx |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23335 | |||
| Oval ID: | oval:org.mitre.oval:def:23335 | ||
| Title: | ELSA-2010:0999: libvpx security update (Moderate) | ||
| Description: | WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0999-01 CVE-2010-4203 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | libvpx |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27598 | |||
| Oval ID: | oval:org.mitre.oval:def:27598 | ||
| Title: | DEPRECATED: ELSA-2010-0999 -- libvpx security update (moderate) | ||
| Description: | [0.9.0-8] - Fix CVE-2010-4203 Resolves: rhbz#652440 [0.9.0-7] - Import 0.9.0-6 package from Fedora - Add patch porting yasm syntax to gas Related: rhbz#603113 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0999 CVE-2010-4203 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | libvpx |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-04-02 | Name : Fedora Update for libvpx FEDORA-2011-11057 File : nvt/gb_fedora_2011_11057_libvpx_fc16.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201101-03 (libvpx) File : nvt/glsa_201101_03.nasl |
| 2010-12-09 | Name : Fedora Update for libvpx FEDORA-2010-17876 File : nvt/gb_fedora_2010_17876_libvpx_fc14.nasl |
| 2010-12-09 | Name : Fedora Update for libvpx FEDORA-2010-17893 File : nvt/gb_fedora_2010_17893_libvpx_fc13.nasl |
| 2010-11-23 | Name : Ubuntu Update for libvpx vulnerability USN-1015-1 File : nvt/gb_ubuntu_USN_1015_1.nasl |
| 2010-11-18 | Name : Google Chrome multiple vulnerabilities - November 10(Linux) File : nvt/gb_google_chrome_mult_vuln_nov10_lin.nasl |
| 2010-11-18 | Name : Google Chrome multiple vulnerabilities - November 10(Windows) File : nvt/gb_google_chrome_mult_vuln_nov10_win.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 69169 | Google Chrome WebM libvpx Unspecified Memory Corruption A memory corruption flaw exists in Google Chrome. The WebM libvpx component fails to sanitize user-supplied input when processing invalid frames, resulting in memory corruption. This may allow a context-dependent attacker to cause a denial of service or have other unspecified impact. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0999.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101220_libvpx_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2011-09-12 | Name : The remote Fedora host is missing a security update. File : fedora_2011-11057.nasl - Type : ACT_GATHER_INFO |
| 2011-01-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201101-03.nasl - Type : ACT_GATHER_INFO |
| 2010-12-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0999.nasl - Type : ACT_GATHER_INFO |
| 2010-11-30 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17876.nasl - Type : ACT_GATHER_INFO |
| 2010-11-30 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17893.nasl - Type : ACT_GATHER_INFO |
| 2010-11-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1015-1.nasl - Type : ACT_GATHER_INFO |
| 2010-11-04 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_7_0_517_44.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2023-11-07 21:47:33 |
|
| 2021-05-05 01:07:35 |
|
| 2021-05-04 12:12:43 |
|
| 2021-04-22 01:14:10 |
|
| 2020-09-29 01:05:59 |
|
| 2020-08-01 00:22:40 |
|
| 2020-05-23 01:43:02 |
|
| 2020-05-23 00:26:54 |
|
| 2017-09-19 09:24:04 |
|
| 2016-04-26 20:13:47 |
|
| 2014-02-17 10:58:34 |
|
| 2013-05-10 23:36:48 |
|
