CVE-2011-1202

Google Chrome < 10.0.648.127 - Exposure of Sensitive Information via XSLT generate-id Function

Title source: llm
STIX 2.1

Description

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46785
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=73716
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=684386
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
Third Party Advisory x_refsource_confirm
http://downloads.avaya.com/css/P8/documents/100144158
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0628

Scores

EPSS 0.0242
EPSS Percentile 82.2%

Details

CWE
CWE-200
Status published
Products (2)
google/chrome < 10.0.648.127
xmlsoft/libxslt < 1.1.26
Published Mar 11, 2011
Tracked Since Feb 18, 2026