FKIE_CVE-2012-2848
Vulnerability from fkie_nvd - Published: 2012-08-06 15:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| chrome | 21.0.1180.0 | ||
| chrome | 21.0.1180.1 | ||
| chrome | 21.0.1180.2 | ||
| chrome | 21.0.1180.31 | ||
| chrome | 21.0.1180.32 | ||
| chrome | 21.0.1180.33 | ||
| chrome | 21.0.1180.34 | ||
| chrome | 21.0.1180.35 | ||
| chrome | 21.0.1180.36 | ||
| chrome | 21.0.1180.37 | ||
| chrome | 21.0.1180.38 | ||
| chrome | 21.0.1180.39 | ||
| chrome | 21.0.1180.41 | ||
| chrome | 21.0.1180.46 | ||
| chrome | 21.0.1180.47 | ||
| chrome | 21.0.1180.48 | ||
| chrome | 21.0.1180.49 | ||
| chrome | 21.0.1180.50 | ||
| chrome | 21.0.1180.51 | ||
| chrome | 21.0.1180.52 | ||
| chrome | 21.0.1180.53 | ||
| chrome | 21.0.1180.54 | ||
| chrome | 21.0.1180.55 | ||
| apple | mac_os_x | * | |
| linux | linux_kernel | * | |
| chrome | * | ||
| chrome | 21.0.1180.0 | ||
| chrome | 21.0.1180.1 | ||
| chrome | 21.0.1180.2 | ||
| chrome | 21.0.1180.31 | ||
| chrome | 21.0.1180.32 | ||
| chrome | 21.0.1180.33 | ||
| chrome | 21.0.1180.34 | ||
| chrome | 21.0.1180.35 | ||
| chrome | 21.0.1180.36 | ||
| chrome | 21.0.1180.37 | ||
| chrome | 21.0.1180.38 | ||
| chrome | 21.0.1180.39 | ||
| chrome | 21.0.1180.41 | ||
| chrome | 21.0.1180.46 | ||
| chrome | 21.0.1180.47 | ||
| chrome | 21.0.1180.48 | ||
| chrome | 21.0.1180.49 | ||
| chrome | 21.0.1180.50 | ||
| chrome | 21.0.1180.51 | ||
| chrome | 21.0.1180.52 | ||
| chrome | 21.0.1180.53 | ||
| chrome | 21.0.1180.54 | ||
| chrome | 21.0.1180.55 | ||
| chrome | 21.0.1180.56 | ||
| chrome | 21.0.1180.57 | ||
| frame | - | ||
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95449FAB-4F05-4CD9-AC28-050164CB52EB",
"versionEndIncluding": "21.0.1180.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*",
"matchCriteriaId": "767C0C1A-EAC4-4F98-9E80-CFDA5069F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2554F0-0DEB-41A0-A595-6A524F9EC001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F542051-CEED-45A4-BB83-937069D07CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*",
"matchCriteriaId": "AC926FFC-EF03-46F0-B5B5-02B34571D6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*",
"matchCriteriaId": "24849FF0-F873-4365-9B82-F16AD7F4A291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*",
"matchCriteriaId": "8E784307-0538-4524-94EA-A88B1ABD0E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*",
"matchCriteriaId": "5655EFE7-69CB-469F-A00A-D6F3F7F492E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B22D68-9E32-4566-8ED1-F1CE87903F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*",
"matchCriteriaId": "40DB1183-DFF5-4251-BCDF-2F7696ABBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.37:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD5341A-E508-4E5B-B03F-677D97E5A464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.38:*:*:*:*:*:*:*",
"matchCriteriaId": "E096479F-4C69-445A-8C2B-7201896F401B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.39:*:*:*:*:*:*:*",
"matchCriteriaId": "25756B8C-FBEB-4D7F-99E6-EA7D27B07B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.41:*:*:*:*:*:*:*",
"matchCriteriaId": "41371794-2083-4188-90BE-506419DC0B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.46:*:*:*:*:*:*:*",
"matchCriteriaId": "51FF3E52-3E8E-4D2F-ABA3-B7D83219D723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.47:*:*:*:*:*:*:*",
"matchCriteriaId": "981570FA-6B44-49A8-9C9B-7D5127E90F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.48:*:*:*:*:*:*:*",
"matchCriteriaId": "36D2B7FE-2B20-47CA-9B3C-B726E21659E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.49:*:*:*:*:*:*:*",
"matchCriteriaId": "858BDFA4-E9CB-4537-ABA7-4283318CA501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.50:*:*:*:*:*:*:*",
"matchCriteriaId": "76D0CD04-8EF4-4B6A-BD4F-1DFCDDDD4DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.51:*:*:*:*:*:*:*",
"matchCriteriaId": "9E912B5D-81F3-4A93-A0E6-B1CFDE2B46EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.52:*:*:*:*:*:*:*",
"matchCriteriaId": "B578A2BC-9360-428C-9AFE-DC9DB9E0A621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCB6048-5A18-4FD6-A21B-95B595CF943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.54:*:*:*:*:*:*:*",
"matchCriteriaId": "28882288-859D-425C-8BA3-F46D058B61D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.55:*:*:*:*:*:*:*",
"matchCriteriaId": "444AD7BB-FE0B-4A51-BA89-EE2647F4E8AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C265F9-3170-4216-81E6-EFEDCD76F46C",
"versionEndIncluding": "21.0.1180.59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*",
"matchCriteriaId": "767C0C1A-EAC4-4F98-9E80-CFDA5069F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2554F0-0DEB-41A0-A595-6A524F9EC001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F542051-CEED-45A4-BB83-937069D07CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*",
"matchCriteriaId": "AC926FFC-EF03-46F0-B5B5-02B34571D6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*",
"matchCriteriaId": "24849FF0-F873-4365-9B82-F16AD7F4A291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*",
"matchCriteriaId": "8E784307-0538-4524-94EA-A88B1ABD0E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*",
"matchCriteriaId": "5655EFE7-69CB-469F-A00A-D6F3F7F492E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B22D68-9E32-4566-8ED1-F1CE87903F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*",
"matchCriteriaId": "40DB1183-DFF5-4251-BCDF-2F7696ABBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.37:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD5341A-E508-4E5B-B03F-677D97E5A464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.38:*:*:*:*:*:*:*",
"matchCriteriaId": "E096479F-4C69-445A-8C2B-7201896F401B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.39:*:*:*:*:*:*:*",
"matchCriteriaId": "25756B8C-FBEB-4D7F-99E6-EA7D27B07B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.41:*:*:*:*:*:*:*",
"matchCriteriaId": "41371794-2083-4188-90BE-506419DC0B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.46:*:*:*:*:*:*:*",
"matchCriteriaId": "51FF3E52-3E8E-4D2F-ABA3-B7D83219D723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.47:*:*:*:*:*:*:*",
"matchCriteriaId": "981570FA-6B44-49A8-9C9B-7D5127E90F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.48:*:*:*:*:*:*:*",
"matchCriteriaId": "36D2B7FE-2B20-47CA-9B3C-B726E21659E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.49:*:*:*:*:*:*:*",
"matchCriteriaId": "858BDFA4-E9CB-4537-ABA7-4283318CA501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.50:*:*:*:*:*:*:*",
"matchCriteriaId": "76D0CD04-8EF4-4B6A-BD4F-1DFCDDDD4DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.51:*:*:*:*:*:*:*",
"matchCriteriaId": "9E912B5D-81F3-4A93-A0E6-B1CFDE2B46EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.52:*:*:*:*:*:*:*",
"matchCriteriaId": "B578A2BC-9360-428C-9AFE-DC9DB9E0A621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCB6048-5A18-4FD6-A21B-95B595CF943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.54:*:*:*:*:*:*:*",
"matchCriteriaId": "28882288-859D-425C-8BA3-F46D058B61D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.55:*:*:*:*:*:*:*",
"matchCriteriaId": "444AD7BB-FE0B-4A51-BA89-EE2647F4E8AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.56:*:*:*:*:*:*:*",
"matchCriteriaId": "A0692DD3-562D-4BE7-BB61-1549EFFF9CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.57:*:*:*:*:*:*:*",
"matchCriteriaId": "5FF70696-70A8-4DFA-A0C3-172A103F3F24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:frame:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFF5F06-FE87-4120-A2EE-F66CEF5D7E0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de arrastrar y soltar en Google Chrome anterior a v21.0.1180.57 en Mac OS X y Linux, y anterior a v21.0.1180.60 en Windows y Chrome Frame, permite a usuarios asistidos por un atacante remoto evitar las restricciones de acceso a archivos a trav\u00e9s de un sitio web manipulado."
}
],
"id": "CVE-2012-2848",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-06T15:55:01.493",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://code.google.com/p/chromium/issues/detail?id=127525"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/chromium/issues/detail?id=127525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15658"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…