Lucene search
HistoryApr 18, 2011 - 5:55 p.m.
CVE-2011-0012
CVSS2
3.3
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0
Percentile
5.1%
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
Affected configurations
Node
redhatspice-xpiMatch2.2
ORredhatspice-xpiMatch2.3
ORredhatspice-xpiMatch2.4
mozillafirefox
Related
prion
prion
Code injection
2011-04-18 17:55:00
cvelist
cvelist
CVE-2011-0012
2011-04-18 17:00:00
cve
cve
CVE-2011-0012
2011-04-18 17:55:00
oraclelinux
oraclelinux
spice-xpi security update
2011-04-07 00:00:00
nessus
nessus
Scientific Linux Security Update : spice-xpi on SL5.x,SL6.x i386/x86_64
2012-08-01 00:00:00
RHEL 6 : spice-xpi (RHSA-2011:0426)
2011-04-08 00:00:00
Oracle Linux 6 : spice-xpi (ELSA-2011-0426)
2013-07-12 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2011-0426)
2015-10-06 00:00:00
RedHat Update for spice-xpi RHSA-2011:0426-01
2012-06-06 00:00:00
RedHat Update for spice-xpi RHSA-2011:0426-01
2012-06-06 00:00:00
redhat
redhat
(RHSA-2011:0426) Moderate: spice-xpi security update
2011-04-07 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2370
2024-03-12 08:35:15
CVSS2
3.3
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2011-0012