| Vulnerability Name: | CVE-2013-0895 (CCN-82291) | ||||||||||||||||||||
| Assigned: | 2013-02-21 | ||||||||||||||||||||
| Published: | 2013-02-21 | ||||||||||||||||||||
| Updated: | 2022-11-18 | ||||||||||||||||||||
| Summary: | Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-22 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2013-0895 Source: CCN Type: Google Chrome Releases Web site Stable Channel Update Source: CONFIRM Type: Release Notes, Vendor Advisory http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html Source: SUSE Type: Broken Link, Third Party Advisory openSUSE-SU-2013:0454 Source: CCN Type: SA52320 Google Chrome Multiple Vulnerabilities Source: CCN Type: BID-59349 Google Chrome CVE-2013-0895 Arbitrary Code Execution Vulnerability Source: CONFIRM Type: Exploit, Issue Tracking, Mailing List, Vendor Advisory https://code.google.com/p/chromium/issues/detail?id=167840 Source: XF Type: UNKNOWN chrome-file-copying-code-exec(82291) | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||