7.5
HIGH

CVE-2013-0912

Published: 11/03/2013 Updated: 19/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

Vulnerability Summary

WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Affected Products

Vendor Product Versions
GoogleChrome25.0.1364.0, 25.0.1364.1, 25.0.1364.2, 25.0.1364.3, 25.0.1364.5, 25.0.1364.7, 25.0.1364.8, 25.0.1364.9, 25.0.1364.10, 25.0.1364.11, 25.0.1364.12, 25.0.1364.13, 25.0.1364.14, 25.0.1364.15, 25.0.1364.16, 25.0.1364.17, 25.0.1364.18, 25.0.1364.19, 25.0.1364.20, 25.0.1364.21, 25.0.1364.22, 25.0.1364.23, 25.0.1364.24, 25.0.1364.25, 25.0.1364.26, 25.0.1364.27, 25.0.1364.28, 25.0.1364.29, 25.0.1364.30, 25.0.1364.31, 25.0.1364.32, 25.0.1364.33, 25.0.1364.34, 25.0.1364.35, 25.0.1364.36, 25.0.1364.37, 25.0.1364.38, 25.0.1364.39, 25.0.1364.40, 25.0.1364.41, 25.0.1364.42, 25.0.1364.43, 25.0.1364.44, 25.0.1364.45, 25.0.1364.46, 25.0.1364.47, 25.0.1364.48, 25.0.1364.49, 25.0.1364.50, 25.0.1364.51, 25.0.1364.52, 25.0.1364.53, 25.0.1364.54, 25.0.1364.55, 25.0.1364.56, 25.0.1364.57, 25.0.1364.58, 25.0.1364.61, 25.0.1364.62, 25.0.1364.63, 25.0.1364.65, 25.0.1364.66, 25.0.1364.67, 25.0.1364.68, 25.0.1364.70, 25.0.1364.72, 25.0.1364.73, 25.0.1364.74, 25.0.1364.75, 25.0.1364.76, 25.0.1364.77, 25.0.1364.78, 25.0.1364.79, 25.0.1364.80, 25.0.1364.81, 25.0.1364.82, 25.0.1364.84, 25.0.1364.85, 25.0.1364.86, 25.0.1364.87, 25.0.1364.88, 25.0.1364.89, 25.0.1364.90, 25.0.1364.91, 25.0.1364.92, 25.0.1364.93, 25.0.1364.95, 25.0.1364.98, 25.0.1364.99, 25.0.1364.108, 25.0.1364.110, 25.0.1364.112, 25.0.1364.113, 25.0.1364.114, 25.0.1364.115, 25.0.1364.116, 25.0.1364.117, 25.0.1364.118, 25.0.1364.119, 25.0.1364.120, 25.0.1364.121, 25.0.1364.122, 25.0.1364.123, 25.0.1364.124, 25.0.1364.125, 25.0.1364.126, 25.0.1364.152, 25.0.1364.154, 25.0.1364.155, 25.0.1364.156, 25.0.1364.159

Mitigation

Administrators are advised to apply the appropriate updates.

Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.

Administrators are advised to monitor affected systems.

Exploitation

To exploit the vulnerability, the attacker may provide a file to the user and attempt to persuade the user to open or execute the file by using misleading language or instructions.

References