VDB
CVE-2011-3640
CVE-2011-3640
PUBLISHED
CVSS 7.099999904632568 HIGH
** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
EPSS 0.34% · 57.0th percentile
Risk Scores
CVSS 2.0
7.099999904632568
EPSS Score
0.34%
57.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| chrome | 0 | |
| n/a | n/a | * |
Exploit Intelligence
- openSUSE-SU-2012:0063 (circl)
- openSUSE-SU-2012:0030 (circl)
- 8483 (circl)
- oval:org.mitre.oval:def:13414 (circl)
- http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html (circl)
- http://code.google.com/p/chromium/issues/detail?id=97426 (circl)
- https://bugzilla.mozilla.org/show_bug.cgi?id=641052 (circl)
Timeline
- Oct 28, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 13, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Feb 24, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- openSUSE-SU-2012:0063 vendor-advisory
- openSUSE-SU-2012:0030 vendor-advisory
- 8483 third-party-advisory
- oval:org.mitre.oval:def:13414 vdb
- http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html url
- http://code.google.com/p/chromium/issues/detail?id=97426 url
- https://bugzilla.mozilla.org/show_bug.cgi?id=641052 url
- https://nvd.nist.gov/vuln/detail/CVE-2011-3640 advisory