Lucene search

K
cve[email protected]CVE-2010-0657
HistoryFeb 18, 2010 - 6:00 p.m.

CVE-2010-0657

2010-02-1818:00:00
web.nvd.nist.gov
30
cve-2010-0657
google chrome
rce
vulnerability
crafted shortcut
nvd
windows

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%

Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.

Affected configurations

NVD
Node
googlechromeRange4.0.249.78beta
OR
googlechromeMatch0.2.149.27
OR
googlechromeMatch0.2.149.29
OR
googlechromeMatch0.2.149.30
OR
googlechromeMatch0.2.152.1
OR
googlechromeMatch0.2.153.1
OR
googlechromeMatch0.3.154.0
OR
googlechromeMatch0.3.154.3
OR
googlechromeMatch0.4.154.18
OR
googlechromeMatch0.4.154.22
OR
googlechromeMatch0.4.154.31
OR
googlechromeMatch0.4.154.33
OR
googlechromeMatch1.0.154.36
OR
googlechromeMatch1.0.154.39
OR
googlechromeMatch1.0.154.42
OR
googlechromeMatch1.0.154.43
OR
googlechromeMatch1.0.154.46
OR
googlechromeMatch1.0.154.48
OR
googlechromeMatch1.0.154.52
OR
googlechromeMatch1.0.154.53
OR
googlechromeMatch1.0.154.59
OR
googlechromeMatch1.0.154.65
OR
googlechromeMatch2.0.156.1
OR
googlechromeMatch2.0.157.0
OR
googlechromeMatch2.0.157.2
OR
googlechromeMatch2.0.158.0
OR
googlechromeMatch2.0.159.0
OR
googlechromeMatch2.0.169.0
OR
googlechromeMatch2.0.169.1
OR
googlechromeMatch2.0.170.0
OR
googlechromeMatch2.0.172
OR
googlechromeMatch2.0.172.2
OR
googlechromeMatch2.0.172.8
OR
googlechromeMatch2.0.172.27
OR
googlechromeMatch2.0.172.28
OR
googlechromeMatch2.0.172.30
OR
googlechromeMatch2.0.172.31
OR
googlechromeMatch2.0.172.33
OR
googlechromeMatch2.0.172.37
OR
googlechromeMatch2.0.172.38
OR
googlechromeMatch3.0.182.2
OR
googlechromeMatch3.0.190.2
OR
googlechromeMatch3.0.193.2beta
OR
googlechromeMatch3.0.195.21
OR
googlechromeMatch3.0.195.24
OR
googlechromeMatch3.0.195.32
OR
googlechromeMatch3.0.195.33
AND
microsoftwindows

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%