Oracle Solaris Third-Party Patch Update : libvorbis (cve_2012_0444_memory_corruption)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- Mozilla Firefox before 3.6.26 and 4.x through 9.0,
Thunderbird before 3.1.18 and 5.0 through 9.0, and
SeaMonkey before 2.7 do not properly initialize
nsChildView data structures, which allows remote
attackers to cause a denial of service (memory
corruption and application crash) or possibly execute
arbitrary code via a crafted Ogg Vorbis file.
(CVE-2012-0444)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?2174fe52

Solution :

Upgrade to Solaris 11/11 SRU 8.5.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80686 ()

Bugtraq ID:

CVE ID: CVE-2012-0444

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now