Information Disclosure Vulnerability in Google Chrome and Libxslt
CVE-2011-1202

Currently unrated

Key Information:

Vendor: Xmlsoft
Status: Libxslt; Chrome
Vendor: CVE Published:; 11 March 2011

What is CVE-2011-1202?

The xsltGenerateIdFunction in libxslt up to version 1.1.26, utilized by Google Chrome before version 10.0.648.127, exposes a vulnerability where remote attackers can exploit an XML document containing a call to the XSLT generate-id function. This can lead to leakage of potentially sensitive information regarding heap memory addresses, posing a risk to users and systems dependent on affected products.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securityfocus.com/bid/46785

vdb-entryx_refsource_BID

http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2011
Vulnerability Reserved
Mar 3, 2011

Xmlsoft

What is CVE-2011-1202?

References

Timeline