SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2010-4008

Date: (C)2010-11-16 (M)2024-02-22

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Reference:

APPLE-SA-2010-11-22-1

APPLE-SA-2011-03-02-1

APPLE-SA-2011-03-09-2

APPLE-SA-2011-03-21-1

IAVM:2012-A-0073

IAVM:2012-A-0114

IAVM:2012-A-0153

SUSE-SR:2010:023

http://mail.gnome.org/archives/xml/2010-November/msg00015.html

http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/

http://code.google.com/p/chromium/issues/detail?id=58731

http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

http://support.apple.com/kb/HT4456

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4566

http://support.apple.com/kb/HT4581

http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html

oval:org.mitre.oval:def:12148

CPE 904

cpe:/a:google:chrome:6.0.481.0
cpe:/a:google:chrome:6.0.417.0
cpe:/a:google:chrome:2.0.157.0
cpe:/a:google:chrome:5.0.366.3
...

oval:org.secpod.oval:def:700080
oval:org.secpod.oval:def:17738
oval:org.secpod.oval:def:17737
oval:org.mitre.oval:def:12148
...

© SecPod Technologies