Google Chrome ‘SaveAs’ Function Buffer Overflow Vulnerability
Proof of Concept:
Google Chrome 0.2.149.27 on Windows XP SP2 (Open Calculator)
http://security.bkis.vn/Proof-Of-Concept/PoC-XPSP2.html
On Windows versions other than XP SP2:
http://security.bkis.vn/Proof-Of-Concept/PoC-Crash.html
Details:
· Type of Issue : Buffer Overflow.
· Affected Software : Google Chrome 0.2.149.27.
· Exploitation Environment : Google Chrome on Windows XP SP2.
· Impact: Remote code execution.
· Rating : Critical.
· Description :
The vulnerability is caused by a boundary error in the handling of the
"SaveAs" function. When a user saves a malicious page with an overly long
title (<title> tag in HTML), the program overflows a stack-based buffer,
which makes it possible for attackers to execute arbitrary code on users’
systems.
· How an attacker could exploit the issue :
To exploit the vulnerability, an attacker might construct a specially crafted
web page that contains malicious code. The attacker then tricks users into
visiting the website and convinces them to save the page. Right after that,
the code would be executed, giving the attacker the privilege to make use of
the affected system.
· Discoverer : Le Duc Anh - SVRT - Bkis
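
The bug class described above, shown from the fix side: this is an added example, not Chrome's code and not part of the original advisory. The function name suggest_save_name, the ".htm" extension and the 260-byte limit (Windows MAX_PATH) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SAVE_NAME_MAX 260   /* assumed limit, mirrors Windows MAX_PATH */

/* Characters that must not appear in a Windows file name. */
static int is_forbidden(unsigned char c)
{
    return c < 0x20 || strchr("<>:\"/\\|?*", c) != NULL;
}

/* Hypothetical helper: build "<sanitized title>.htm" from an untrusted
 * page title. The unchecked pattern this replaces is
 *     char name[SAVE_NAME_MAX]; strcpy(name, title);
 * which writes past the stack buffer when the title is too long.
 * Returns 0 on success, 1 if the title was truncated to fit,
 * -1 if the arguments are unusable. Never writes past out_size. */
int suggest_save_name(const char *title, char *out, size_t out_size)
{
    static const char ext[] = ".htm";
    const size_t ext_len = sizeof ext - 1;
    size_t room, n = 0;
    int truncated = 0;

    if (title == NULL || out == NULL || out_size < ext_len + 2)
        return -1;
    room = out_size - ext_len - 1;       /* bytes left for the title part */

    for (; *title != '\0'; title++) {
        if (n == room) { truncated = 1; break; }
        out[n++] = is_forbidden((unsigned char)*title) ? '_' : *title;
    }
    if (n == 0)
        out[n++] = '_';                  /* empty title still yields a name */
    memcpy(out + n, ext, ext_len + 1);   /* copies the terminating NUL too */
    return truncated;
}

int main(void)
{
    char title[5001], name[SAVE_NAME_MAX];   /* constructed oversized title */
    memset(title, 'A', sizeof title - 1);
    title[sizeof title - 1] = '\0';
    int rc = suggest_save_name(title, name, sizeof name);
    printf("rc=%d len=%zu\n", rc, strlen(name));
    return 0;
}
```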