Armis Vulnerability Intelligence Database

Description Preview

The vulnerability in WebM libvpx (VP8 Codec SDK) before version 0.9.5, as utilized in Google Chrome before version 7.0.517.44, enables remote attackers to trigger a denial of service condition due to memory corruption. This flaw could potentially allow attackers to execute arbitrary code by exploiting invalid frames.

Overview

This CVE describes a vulnerability in the WebM libvpx library, specifically affecting versions prior to 0.9.5. The issue allows remote attackers to exploit invalid frames to cause memory corruption, potentially leading to a denial of service or arbitrary code execution.

Remediation

To remediate this vulnerability, users are advised to update their Google Chrome browser to version 7.0.517.44 or later, which includes the patched version of the WebM libvpx library (0.9.5). It is crucial to keep software up to date to mitigate the risk of exploitation.

References

Secunia Advisory: http://secunia.com/advisories/42690
OVAL Definition: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12198
Google Chrome Releases: http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
Gentoo GLSA-201101-03: http://security.gentoo.org/glsa/glsa-201101-03.xml
Red Hat RHSA-2010:0999: https://rhn.redhat.com/errata/RHSA-2010-0999.html
VUPEN Advisory ADV-2011-0115: http://www.vupen.com/english/advisories/2011/0115
WebM libvpx Gitweb Changelog: http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=blob%3Bf=CHANGELOG
Chromium Issue Tracker: http://code.google.com/p/chromium/issues/detail?id=60055
Secunia Advisory 42109: http://secunia.com/advisories/42109
Secunia Advisory 42118: http://secunia.com/advisories/42118
Secunia Advisory 42908: http://secunia.com/advisories/42908

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Health Care & Social Assistance
Health Care & Social Assistance
Manufacturing
Manufacturing
Public Administration
Public Administration
Transportation & Warehousing
Transportation & Warehousing
Educational Services
Educational Services
Arts, Entertainment & Recreation
Arts, Entertainment & Recreation
Professional, Scientific, & Technical Services
Professional, Scientific, & Technical Services
Construction
Construction
Finance and Insurance
Finance and Insurance
Real Estate Rental & Leasing
Real Estate Rental & Leasing
Utilities
Utilities
Wholesale Trade
Wholesale Trade
Accommodation & Food Services
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services
Administrative, Support, Waste Management & Remediation Services
Agriculture, Forestry Fishing & Hunting
Agriculture, Forestry Fishing & Hunting
Information
Information
Management of Companies & Enterprises
Management of Companies & Enterprises
Mining
Mining
Other Services (except Public Administration)
Other Services (except Public Administration)
Retail Trade
Retail Trade

^{CVE-2010-4203:}WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!