Lucene search

K
nvd[email protected]NVD:CVE-2010-0657
HistoryFeb 18, 2010 - 6:00 p.m.

CVE-2010-0657

2010-02-1818:00:00
web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.008

Percentile

81.6%

Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.

Affected configurations

NVD
Node
googlechromeRange4.0.249.78beta
OR
googlechromeMatch0.2.149.27
OR
googlechromeMatch0.2.149.29
OR
googlechromeMatch0.2.149.30
OR
googlechromeMatch0.2.152.1
OR
googlechromeMatch0.2.153.1
OR
googlechromeMatch0.3.154.0
OR
googlechromeMatch0.3.154.3
OR
googlechromeMatch0.4.154.18
OR
googlechromeMatch0.4.154.22
OR
googlechromeMatch0.4.154.31
OR
googlechromeMatch0.4.154.33
OR
googlechromeMatch1.0.154.36
OR
googlechromeMatch1.0.154.39
OR
googlechromeMatch1.0.154.42
OR
googlechromeMatch1.0.154.43
OR
googlechromeMatch1.0.154.46
OR
googlechromeMatch1.0.154.48
OR
googlechromeMatch1.0.154.52
OR
googlechromeMatch1.0.154.53
OR
googlechromeMatch1.0.154.59
OR
googlechromeMatch1.0.154.65
OR
googlechromeMatch2.0.156.1
OR
googlechromeMatch2.0.157.0
OR
googlechromeMatch2.0.157.2
OR
googlechromeMatch2.0.158.0
OR
googlechromeMatch2.0.159.0
OR
googlechromeMatch2.0.169.0
OR
googlechromeMatch2.0.169.1
OR
googlechromeMatch2.0.170.0
OR
googlechromeMatch2.0.172
OR
googlechromeMatch2.0.172.2
OR
googlechromeMatch2.0.172.8
OR
googlechromeMatch2.0.172.27
OR
googlechromeMatch2.0.172.28
OR
googlechromeMatch2.0.172.30
OR
googlechromeMatch2.0.172.31
OR
googlechromeMatch2.0.172.33
OR
googlechromeMatch2.0.172.37
OR
googlechromeMatch2.0.172.38
OR
googlechromeMatch3.0.182.2
OR
googlechromeMatch3.0.190.2
OR
googlechromeMatch3.0.193.2beta
OR
googlechromeMatch3.0.195.21
OR
googlechromeMatch3.0.195.24
OR
googlechromeMatch3.0.195.32
OR
googlechromeMatch3.0.195.33
AND
microsoftwindows

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.008

Percentile

81.6%