CVE

Id
35866  
CVE No.
CVE-2008-5749  
Status
Candidate  
Description
** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission."  
Phase
Assigned (20081229)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
394279 35866 CVE-2008-5749 BUGTRAQ:20081223 Google Chrome Browser (ChromeHTML://) remote parameter injection POC  View
394280 35866 CVE-2008-5749 URL:http://www.securityfocus.com/archive/1/archive/1/499570/100/0/threaded  View
394281 35866 CVE-2008-5749 BUGTRAQ:20081225 Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC  View
394282 35866 CVE-2008-5749 URL:http://www.securityfocus.com/archive/1/archive/1/499581/100/0/threaded  View
394283 35866 CVE-2008-5749 BUGTRAQ:20081226 Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC  View
394284 35866 CVE-2008-5749 URL:http://www.securityfocus.com/archive/1/archive/1/499616/100/0/threaded  View
394285 35866 CVE-2008-5749 MILW0RM:7566  View
394286 35866 CVE-2008-5749 URL:http://www.milw0rm.com/exploits/7566  View
394287 35866 CVE-2008-5749 MISC:http://retrogod.altervista.org/9sg_chrome.html  View
394288 35866 CVE-2008-5749 BID:32997  View
394289 35866 CVE-2008-5749 URL:http://www.securityfocus.com/bid/32997  View
394290 35866 CVE-2008-5749 SREASON:4821  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
48470 JVNDB-2008-003780 BulletProof FTP Client におけるスタックベースのバッファオーバーフローの脆弱性 BulletProof FTP Client には、スタックベースのバッファオーバーフローの脆弱性が存在します。 CVE-2008-5753 35866 9.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003780.html  View