CVE-2012-5117

HIGH

Description

Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors.

References

http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html

http://osvdb.org/87076

http://www.securityfocus.com/bid/56413

https://code.google.com/p/chromium/issues/detail?id=145915

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15912

Details

Source: MITRE

Published: 2012-11-07

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH