NVD Vulnerability Detail

CVE-2012-1845

Summary	Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
Publication Date	March 23, 2012, 1:55 a.m.
Registration Date	Jan. 28, 2021, 2:56 p.m.
Last Update	Nov. 21, 2024, 10:37 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:google:chrome::::::::			17.0.963.66

Related information, measures and tools

No	URL	タグ
1	http://pwn2own.zerodayinitiative.com/status.html	Not Applicable Third Party Advisory VDB Entry
2	http://pwn2own.zerodayinitiative.com/status.html	Not Applicable Third Party Advisory VDB Entry
3	http://twitter.com/vupen/statuses/177576000761237505	Broken Link
4	http://twitter.com/vupen/statuses/177576000761237505	Broken Link
5	http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/	Press/Media Coverage
6	http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/	Press/Media Coverage
7	http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588	Press/Media Coverage
8	http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588	Press/Media Coverage
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/74323	Third Party Advisory VDB Entry
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/74323	Third Party Advisory VDB Entry
11	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14843	Third Party Advisory
12	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14843	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html

JVN Vulnerability Information

Google Chrome における DEP および ASLR 保護メカニズムを回避される脆弱性

Title	Google Chrome における DEP および ASLR 保護メカニズムを回避される脆弱性
Summary	Google Chromeには、DEP および ASLR 保護メカニズムを回避され、任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により、DEP および ASLR 保護メカニズムを回避され、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 22, 2012, midnight
Registration Date	March 27, 2012, 2:19 p.m.
Last Update	March 27, 2012, 2:19 p.m.

Affected System

Google

Google Chrome 17.0.963.66 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1845	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1845
National Vulnerability Database (NVD)
2	CVE-2012-1845	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1845

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
Google
1	Google Chrome	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja

Change Log

No	Changed Details	Date of change
0	[2012年03月27日] 掲載	Feb. 17, 2018, 10:37 a.m.