New Search

The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222 as used in Google Chrome before 11.0.696.43 and other products does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.

oval:org.mitre.oval:def:14365

The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222 as used in Google Chrome before 11.0.696.43 and other products does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows Server 2008
  • Microsoft Windows 7
  • Microsoft Windows Vista
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2011-1691
Product(s):
  • Google Chrome