Google Chrome Argument Injection Vulnerability

Google Chrome Argument Injection Vulnerability. Successful exploitation allows arbitrary code execution and compromise of remote system by executing mailcious commands

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2008-5749	23 Dec 200800:00	–	circl
CVE	CVE-2008-5749	29 Dec 200815:00	–	cve
Cvelist	CVE-2008-5749	29 Dec 200815:00	–	cvelist
NVD	CVE-2008-5749	29 Dec 200815:24	–	nvd
OpenVAS	Google Chrome Argument Injection Vulnerability	31 Dec 200800:00	–	openvas
Prion	Design/Logic Flaw	29 Dec 200815:24	–	prion
Positive Technologies	PT-2008-6799 · Google · Google Chrome	29 Dec 200800:00	–	ptsecurity

Source	Link
securityfocus	www.securityfocus.com/archive/1/archive/1/499581/100/0/threaded
milw0rm	www.milw0rm.com/exploits/7566

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_google_chrome_cmd_exec_vuln.nasl 4917 2017-01-02 14:43:20Z cfi $
#
# Google Chrome Argument Injection Vulnerability
#
# Authors:
# Sujit Ghosal <[email protected]>
#
# Copyright:
# Copyright (c) 2008 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will allow attacker to execute arbitrary code
  in the context of the web browser and can compromise the remote system
  by executing mailcious commands.";
tag_affected = "Google Chrome version 1.0.154.36 and prior on Windows";
tag_insight = "The flaw is due to lack of sanitization check of user supplied input via
  --renderer-path option in a chromehtml: URI.";
tag_solution = "Upgrade to Google Chrome version 4.1.249.1064 or later.
  For updates refer to http://www.google.com/chrome";
tag_summary = "This host has installed Google Chrome and is prone to argument
  injection vulnerability.";

if(description)
{
  script_id(900419);
  script_version("$Revision: 4917 $");
  script_tag(name:"last_modification", value:"$Date: 2017-01-02 15:43:20 +0100 (Mon, 02 Jan 2017) $");
  script_tag(name:"creation_date", value:"2008-12-31 15:14:17 +0100 (Wed, 31 Dec 2008)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-2008-5749");
  script_bugtraq_id(32997);
  script_name("Google Chrome Argument Injection Vulnerability");
  script_xref(name : "URL" , value : "http://www.milw0rm.com/exploits/7566");
  script_xref(name : "URL" , value : "http://www.securityfocus.com/archive/1/archive/1/499581/100/0/threaded");
  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"executable_version");
  script_copyright("Copyright (C) 2008 SecPod");
  script_family("General");
  script_dependencies("gb_google_chrome_detect_win.nasl");
  script_mandatory_keys("GoogleChrome/Win/Ver");

  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);

  exit(0);
}


include("version_func.inc");

chromeVer = get_kb_item("GoogleChrome/Win/Ver");
if(!chromeVer){
  exit(0);
}

if(version_is_less_equal(version:chromeVer, test_version:"1.0.154.36")){
  security_message(0);
}

02 Jan 2017 00:00Current

0.9Low risk

Vulners AI Score0.9

EPSS0.04832