CVE-2008-6994
Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header.
Affected products
n/a · n/a
Public PoCs found: 2
cve_reference · www.exploit-db.com/exploits/6365 · unverified
cve_reference · www.exploit-db.com/exploits/6367 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://code.google.com/p/chromium/issues/detail?id=1414
http://osvdb.org/48259
http://security.bkis.vn/?p=119
http://securitytracker.com/id?1020823
https://exchange.xforce.ibmcloud.com/vulnerabilities/44935
https://exchange.xforce.ibmcloud.com/vulnerabilities/44939
http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/win_util.cc?r1=1757&r2=1766&pathrev=1766
https://www.exploit-db.com/exploits/6365
https://www.exploit-db.com/exploits/6367
http://www.infoworld.com/d/security-central/critical-vulnerability-patched-in-googles-chrome-599
http://www.securityfocus.com/archive/1/496042/100/0/threaded
http://www.securityfocus.com/bid/31029