Google Chrome Frame Plugin For Microsoft IE Denial Of Service Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with google chrome frame plugin for microsoft ie and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attacker to crash the program via a specially crafted _blank value for the target attribute of an A element. Impact Level: Application

Solution

Upgrade to Google Chrome Frame plugin 26.0.1410.28 or later, For updates refer to http://www.google.com/chromeframe

Insight

Flaw due to an improper handling of an attach tab request in the Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc.

Affected

Google Chrome Frame plugin version before 26.0.1410.28

References

http://googlechromereleases.blogspot.in/2013/03/beta-channel-update.html
http://www.osvdb.com/91114
https://chromiumcodereview.appspot.com/12395021
https://code.google.com/p/chromium/issues/detail?id=178415

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-2493
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ClamAV Prior to 0.96.5 Multiple Vulnerabilities
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Windows)
eZ/eZphotoshare Denial of Service
Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
ClamAV Hash Manager Off-By-One Denial of Service Vulnerability (Win)

Take action and discover your vulnerabilities