CVE-2008-5749
Google Chrome - 'ChromeHTML://' Remote Parameter Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.
** CUESTIONADA ** Vulnerabilidad de inyección de argumento en Google Chrome 1.0.154.36 sobre Windows XP SP3, permite a atacantes remotos ejecutar comandos de su elección a través de la opción "--renderer-path" en una URI chromehtml:. NOTA: un tercero cuestiona esta vulnerabilidad argumentando que Chrome "pregunta sobre los permisos de usuario" y "no puede lanzar el applet incluso si el usuario da el permiso".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-12-29 CVE Reserved
- 2008-12-29 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://securityreason.com/securityalert/4821 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/499570/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/499581/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/499616/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/32997 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/7566 | 2024-08-07 | |
http://retrogod.altervista.org/9sg_chrome.html | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 1.0.154.36 Search vendor "Google" for product "Chrome" and version "1.0.154.36" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|