关键漏洞信息 漏洞详情 EDB-ID: 6367 CVE: 2008-6994 Author: SVRT Type: REMOTE Platform: WINDOWS Date: 2008-09-05 EDB Verified: ✔️ 漏洞描述 Type of Issue: Buffer Overflow Affected Software: Google Chrome 0.2.149.27 Exploitation Environment: Google Chrome (Language: Vietnamese) on Windows XP SP2 Impact: Remote code execution Rating: Critical Description: - The vulnerability is caused due to a boundary error when handling the 'SaveAs' function. On saving a malicious page with an overly long title ( tag in HTML), the program causes a stack-based overflow and makes it possible for attackers to execute arbitrary code on users' systems. Exploit Method: - To exploit the vulnerability, a hacker might construct a specially crafted Web page, which contains malicious code. He then tricks users into visiting his Website and convinces them to save this Page. Right after that, the code would be executed, giving him the privilege to make use of the affected system. 发现者 Discoverer: Le Duc Anh - SVRT - Bkis 关联资源 Website: security.bkis.vn Mail: svrt[at]bkav.com.vn Exploit Link: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6367.tgz (2008-chrome.tgz) 参考 Advisory/Source: Link