VID |
28892 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Google Chrome installed on the remote Windows host is prior to 59.0.3071.86. It is, therefore, affected by the following vulnerabilities:
- A type confusion error exists in the Google V8 component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5070)
- An out-of-bounds read error exists in the Google V8 component that allows an unauthenticated, remote attacker to cause a denial of service condition or the disclosure of sensitive information. (CVE-2017-5071)
- Multiple unspecified flaws exist in the Omnibox component that allow an attacker to spoof the address in the address bar. (CVE-2017-5072, CVE-2017-5076, CVE-2017-5083, CVE-2017-5086)
- A use-after-free error exists in the print preview functionality that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5073)
- A use-after-free error exists in the Apps Bluetooth component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5074)
- An unspecified flaw exists in the CSP reporting component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-5075)
- An overflow condition exists in the Google Skia component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5077)
- An unspecified flaw exists in the mailto handling functionality that allows an unauthenticated, remote attacker to inject arbitrary commands. (CVE-2017-5078)
- An unspecified flaw exists in Blink that allows an attacker to spoof components in the user interface. (CVE-2017-5079)
- A use-after-free error exists in the credit card autofill functionality that allows an attacker to have an unspecified impact. (CVE-2017-5080)
- An unspecified flaw exists that allows an unauthenticated, remote attacker to bypass extension verification mechanisms. (CVE-2017-5081)
- An unspecified flaw exists in the credit card editor view functionality that allows an unauthenticated, remote attacker to disclose credit card information. (CVE-2017-5082)
- An unspecified flaw exists in the WebUI pages component that allows an unauthenticated, remote attacker to execute arbitrary JavaScript code. (CVE-2017-5085)
* References: https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html |
Recommendation |
Upgrade to the latest version of Apache Tomcat Server (8.0.44 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/ |
Related URL |
CVE-2017-5070,CVE-2017-5071,CVE-2017-5072,CVE-2017-5073,CVE-2017-5074,CVE-2017-5075,CVE-2017-5076,CVE-2017-5077,CVE-2017-5078 (CVE) |
Related URL |
98861 (SecurityFocus) |
Related URL |
(ISS) |
|