VulDB: Google Windows up to 18.0.1025.168 Windows Media Player Plugin unknown vulnerability
General
scipID: 5431
Affected: Google Windows up to 18.0.1025.168
Published: 05/15/2012 (Haifei Li)
Risk: 
problematic
Entry: 82.8% complete
Created: 05/25/2012
Updated: 09/03/2012
Summary
A vulnerability classified as problematic was found in Google Windows up to 18.0.1025.168. Affected by this vulnerability is an unknown function of the component Windows Media Player Plugin. The impact remains unknown.
The weakness was released 05/15/2012 by Haifei Li with Microsoft Vulnerability Research as knowledge base article (Website). The public release was coordinated with Google. This vulnerability is known as CVE-2011-3098 since 08/09/2011. Technical details are unknown but a private exploit is available.
Upgrading to version 19.0.1084.46 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (81960) and Secunia (SA49194).CVSS
Base Score: 4.9 (CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Local: Yes
Remote: No
Availability: Yes
Access: Private
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: Windows 19.0.1084.46
Timeline
08/09/2011 | CVE assigned
05/15/2012 | Advisory disclosed
05/15/2012 | Countermeasure disclosed
05/18/2012 | OSVDB entry created
05/25/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Researcher: Haifei Li
Company: Microsoft Vulnerability Research
Coordinated: Yes
OSVDB: 81960
CVE: CVE-2011-3098 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49194
- Latest Entries
- EMC RSA Authentication API Encryption Key information disclosure
- Cisco Secure Access Control System Web Interface weak authentication
- Python ssl.match_hostname() denial of service
- Mozilla Firefox/Thunderbird nsContentUtils::RemoveScriptBlocker buffer overflow
- Mozilla Firefox/Thunderbird nsFrameList::FirstChild buffer overflow
- Statistics
- Archive
