CVE-2011-0012
Description
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
Risk Information
Base Score
3.6
MODERATE
Vector
AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
EPSS Score
Exploitation Probability
0.03
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2011:0426) Moderate: spice-xpi security update spice-xpi-2.4-1.el6_0.2.i686.rpm | Linux |
| (RHSA-2011:0426) Moderate: spice-xpi security update spice-xpi-2.4-1.el6_0.2.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234