[email protected]CVE-2008-7061

HistoryAug 24, 2009 - 7:30 p.m.

CVE-2008-7061

2009-08-2419:30:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-7061

google chrome

tooltip manager

denial of service

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.195 Low

EPSS

Percentile

96.3%

JSON

The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994. NOTE: there is inconsistent information about the environments under which this issue exists.

Affected configurations

NVD

Node

googlechromeMatch0.2.149.29

CPENameOperatorVersion
google:chromegoogle chromeeq0.2.149.29

CPE	Name	Operator	Version
google:chrome	google chrome	eq	0.2.149.29

References

googlechromereleases.blogspot.com/2008/09/beta-release-0214930.html

src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/render_widget_host_hwnd.cc?r1=1287&r2=2042&pathrev=2042

src.chromium.org/viewvc/chrome/trunk/src/chrome/views/tooltip_manager.cc?r1=1287&r2=2042&pathrev=2042

src.chromium.org/viewvc/chrome?view=rev&revision=2042

www.blackhat.org.il/exploits/chrome-freeze-exploit.html

www.securityfocus.com/archive/1/496078/100/0/threaded

www.securityfocus.com/archive/1/496094/100/0/threaded

www.securityfocus.com/archive/1/496101/100/0/threaded

www.securityfocus.com/archive/1/496126/100/0/threaded

www.securityfocus.com/archive/1/496138/100/0/threaded

www.securityfocus.com/archive/1/496145/100/0/threaded

www.securityfocus.com/archive/1/496146/100/0/threaded

www.securityfocus.com/archive/1/496151/100/0/threaded

www.securityfocus.com/archive/1/496172/100/100/threaded

www.securityfocus.com/bid/30975

exchange.xforce.ibmcloud.com/vulnerabilities/45039

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.195 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2008-7061

prion2 cvelist2 nvd2 debiancve2 openvas4 cve1 nessus1