CVE-2011-1179

Name of the Vulnerable Software and Affected Versions spice-xpi versions 2.2 through 2.4

Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely, potentially leading to a denial of service (crash) and possibly the execution of arbitrary code. The exploitation is related to vectors involving plugin/nsScriptablePeer.cpp and plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer.

Recommendations For versions 2.2 through 2.4, consider disabling the spice-xpi plugin as a temporary workaround until a patch is available. Restrict access to the plugin to minimize the risk of exploitation. Avoid using the affected plugin in sensitive operations until the issue is resolved.