Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2008-6994

Published: 19/08/2009 Updated: 11/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Chrome

Vulnerability Summary

Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote malicious users to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header.

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome 0.2.149.27

Exploits

Exploit DB: Google Chrome 0.2.149.27 - 'SaveAs' Remote Buffer Overflow
PoC Code is in Attach file because this file is saved in 'Unicode' type for exploit Here is Description for this Vuln : · Type of Issue : Buffer Overflow · Affected Software : Google Chrome 0214927 · Exploitation Environment : Google Chrome (Language: Vietnamese) on Windows XP SP2 · Imp ...

References

CWE-119http://code.google.com/p/chromium/issues/detail?id=1414http://osvdb.org/48259http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/win_util.cc?r1=1757&r2=1766&pathrev=1766http://security.bkis.vn/?p=119http://www.securityfocus.com/bid/31029http://www.infoworld.com/d/security-central/critical-vulnerability-patched-in-googles-chrome-599http://securitytracker.com/id?1020823http://www.securityfocus.com/bid/31031https://exchange.xforce.ibmcloud.com/vulnerabilities/44939https://exchange.xforce.ibmcloud.com/vulnerabilities/44935https://www.exploit-db.com/exploits/6367https://www.exploit-db.com/exploits/6365http://www.securityfocus.com/archive/1/496042/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/6367/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-codedCVE-2024-27202NULL pointer dereferenceCVE-2024-28075CVE-2024-33608CVE-2024-28889CVE-2024-34572template injectionCVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook