CVE-2011-0012

CWE-595 documents5 sources
Severity
3.3LOW
EPSS
0.0%
top 91.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Spice-xpi
Timeline
PublishedApr 18
Latest updateMay 3

Description

The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages1 packages

NVDredhat/spice-xpi2.2, 2.3, 2.4+2

🔴Vulnerability Details

2
GHSA
GHSA-pp7j-p833-2h5r: The SPICE Firefox plug-in (spice-xpi) 22022-05-03
CVEList
CVE-2011-0012: The SPICE Firefox plug-in (spice-xpi) 22011-04-18

📋Vendor Advisories

1
Red Hat
spice-xpi: symlink attack on usbrdrctl log file2011-04-07

💬Community

1
Bugzilla
CVE-2011-0012 spice-xpi: symlink attack on usbrdrctl log file2010-10-04
CVE-2011-0012 (LOW CVSS 3.3) | The SPICE Firefox plug-in (spice-xp | cvebase.io