Lucene search

[email protected]CVE-2010-0657

HistoryFeb 18, 2010 - 6:00 p.m.

CVE-2010-0657

2010-02-1818:00:00

[email protected]

web.nvd.nist.gov

cve-2010-0657

google chrome

rce

vulnerability

crafted shortcut

nvd

windows

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.008

Percentile

81.6%

JSON

Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.

Affected configurations

NVD

Node

googlechromeRange≤4.0.249.78beta

googlechromeMatch0.2.149.27

googlechromeMatch0.2.149.29

googlechromeMatch0.2.149.30

googlechromeMatch0.2.152.1

googlechromeMatch0.2.153.1

googlechromeMatch0.3.154.0

googlechromeMatch0.3.154.3

googlechromeMatch0.4.154.18

googlechromeMatch0.4.154.22

googlechromeMatch0.4.154.31

googlechromeMatch0.4.154.33

googlechromeMatch1.0.154.36

googlechromeMatch1.0.154.39

googlechromeMatch1.0.154.42

googlechromeMatch1.0.154.43

googlechromeMatch1.0.154.46

googlechromeMatch1.0.154.48

googlechromeMatch1.0.154.52

googlechromeMatch1.0.154.53

googlechromeMatch1.0.154.59

googlechromeMatch1.0.154.65

googlechromeMatch2.0.156.1

googlechromeMatch2.0.157.0

googlechromeMatch2.0.157.2

googlechromeMatch2.0.158.0

googlechromeMatch2.0.159.0

googlechromeMatch2.0.169.0

googlechromeMatch2.0.169.1

googlechromeMatch2.0.170.0

googlechromeMatch2.0.172

googlechromeMatch2.0.172.2

googlechromeMatch2.0.172.8

googlechromeMatch2.0.172.27

googlechromeMatch2.0.172.28

googlechromeMatch2.0.172.30

googlechromeMatch2.0.172.31

googlechromeMatch2.0.172.33

googlechromeMatch2.0.172.37

googlechromeMatch2.0.172.38

googlechromeMatch3.0.182.2

googlechromeMatch3.0.190.2

googlechromeMatch3.0.193.2beta

googlechromeMatch3.0.195.21

googlechromeMatch3.0.195.24

googlechromeMatch3.0.195.32

googlechromeMatch3.0.195.33

AND

microsoftwindows

VendorProductVersionCPE
googlechrome0.3.154.3cpe:/a:google:chrome:0.3.154.3:::
googlechrome2.0.172.31cpe:/a:google:chrome:2.0.172.31:::
googlechrome0.4.154.33cpe:/a:google:chrome:0.4.154.33:::
googlechrome2.0.157.0cpe:/a:google:chrome:2.0.157.0:::
googlechrome1.0.154.43cpe:/a:google:chrome:1.0.154.43:::
googlechrome2.0.172.38cpe:/a:google:chrome:2.0.172.38:::
googlechrome2.0.170.0cpe:/a:google:chrome:2.0.170.0:::
googlechrome0.4.154.22cpe:/a:google:chrome:0.4.154.22:::
googlechrome2.0.172.30cpe:/a:google:chrome:2.0.172.30:::
googlechrome0.4.154.18cpe:/a:google:chrome:0.4.154.18:::

Vendor	Product	Version	CPE
google	chrome	0.3.154.3	cpe:/a:google:chrome:0.3.154.3:::
google	chrome	2.0.172.31	cpe:/a:google:chrome:2.0.172.31:::
google	chrome	0.4.154.33	cpe:/a:google:chrome:0.4.154.33:::
google	chrome	2.0.157.0	cpe:/a:google:chrome:2.0.157.0:::
google	chrome	1.0.154.43	cpe:/a:google:chrome:1.0.154.43:::
google	chrome	2.0.172.38	cpe:/a:google:chrome:2.0.172.38:::
google	chrome	2.0.170.0	cpe:/a:google:chrome:2.0.170.0:::
google	chrome	0.4.154.22	cpe:/a:google:chrome:0.4.154.22:::
google	chrome	2.0.172.30	cpe:/a:google:chrome:2.0.172.30:::
google	chrome	0.4.154.18	cpe:/a:google:chrome:0.4.154.18:::