Search for vulnerabilities
Vulnerability details: VCID-xnde-ugc1-aaah
Vulnerability ID VCID-xnde-ugc1-aaah
Aliases CVE-2011-3640
Summary ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
Status Disputed
Exploitability 0.5
Weighted Severity 6.4
Risk 3.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-426 Untrusted Search Path
System Score Found at
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00139 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00143 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00143 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00143 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00143 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.00342 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
epss 0.01332 https://api.first.org/data/v1/epss?cve=CVE-2011-3640
rhbs unspecified https://bugzilla.redhat.com/show_bug.cgi?id=748379
cvssv2 7.1 https://nvd.nist.gov/vuln/detail/CVE-2011-3640
Reference id Reference type URL
http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
http://code.google.com/p/chromium/issues/detail?id=97426
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3640.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3640
https://bugzilla.mozilla.org/show_bug.cgi?id=641052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640
http://securityreason.com/securityalert/8483
https://hermes.opensuse.org/messages/13154861
https://hermes.opensuse.org/messages/13155432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414
647614 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614
748379 https://bugzilla.redhat.com/show_bug.cgi?id=748379
CVE-2011-3640 https://nvd.nist.gov/vuln/detail/CVE-2011-3640
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
No exploits are available.
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-3640
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.50398
EPSS Score 0.00139
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2025-04-16T09:43:31.520223+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2011-3640 36.0.0