CVE-2008-6994
Published 2009-08-19
Priority P350, critical, 9.3 (CVSS 2.0)
CVSS vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 10.22% (95.1th percentile)
Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | — | — | |
| chrome | — | — | |
GHSA
GHSA-5467-vhqx-qjxg: Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util
ghsa_unreviewed·2022-05-14
CVE-2008-6994 [HIGH] CWE-119 GHSA-5467-vhqx-qjxg: Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util
GHSA
GHSA-j2m3-6m57-7jjv: The tooltip manager (chrome/views/tooltip_manager
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2008-7061 [CRITICAL] GHSA-j2m3-6m57-7jjv: The tooltip manager (chrome/views/tooltip_manager
The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994. NOTE: there is inconsistent information about the environments under which this issue exists.
No detection rules found.
Exploit-DB
Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (1)
exploitdb·2008-11-05
CVE-2008-2992 Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (1)
---
Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Exploit
author: Elazar
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6994.pdf (2008-APSB08-19.pdf)
# milw0rm.com [2008-11-05]
Exploit-DB
Google Chrome 0.2.149.27 - 'SaveAs' Remote Buffer Overflow
exploitdb·2008-09-05
CVE-2008-6994 Google Chrome 0.2.149.27 - 'SaveAs' Remote Buffer Overflow
---
The PoC code is in the attached file, because this file is saved as 'Unicode' type for the exploit.
Here is the description of this vulnerability:
· Type of issue: Buffer overflow.
· Affected software: Google Chrome 0.2.149.27.
· Exploitation environment: Google Chrome (Language: Vietnamese) on Windows XP SP2.
· Impact: Remote code execution.
· Rating: Critical.
· Description:
The vulnerability is caused by a boundary error when handling the “SaveAs” function. On saving
a malicious page with an overly long title (<title> tag in HTML), the program causes a stack-based overflow and makes
it possible for attackers to execute arbitrary code on users’ systems.
· How an attacker could exploit the issue:
To exploit the Vulnerability, a hack
No writeups or analysis indexed.
http://code.google.com/p/chromium/issues/detail?id=1414
http://osvdb.org/48259
http://security.bkis.vn/?p=119
http://securitytracker.com/id?1020823
http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/win_util.cc?r1=1757&r2=1766&pathrev=1766
http://www.infoworld.com/d/security-central/critical-vulnerability-patched-in-googles-chrome-599
http://www.securityfocus.com/archive/1/496042/100/0/threaded
http://www.securityfocus.com/bid/31029
http://www.securityfocus.com/bid/31031
https://exchange.xforce.ibmcloud.com/vulnerabilities/44935
https://exchange.xforce.ibmcloud.com/vulnerabilities/44939
https://www.exploit-db.com/exploits/6365
https://www.exploit-db.com/exploits/6367