CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
100.0%
The version of Google Chrome installed on the remote Windows host is prior to 40.0.2214.111. It is, therefore, affected by the following vulnerabilities :
A use-after-free error exists related to the DOM component. (CVE-2015-1209)
A cross-origin bypass error exists related to the V8 JavaScript engine bindings. (CVE-2015-1210)
A privilege escalation error exists related to service workers. (CVE-2015-1211)
Various unspecified errors exist. (CVE-2015-1212)
Numerous vulnerabilities affect the Adobe Flash Player plugin which is bundled with this version of Chrome :
Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322)
Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330)
Type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319)
Heap-based buffer overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327)
A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324)
Several NULL pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328)
A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
Binary data 8582.pasl
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
100.0%