Google Chrome 0.2.149.27 - 'SaveAs' Remote Buffer Overflow

EDB-ID:

6367


Author:

SVRT

Type:

remote


Platform:

Windows

Date:

2008-09-05


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

PoC Code is in Attach file because this file is saved in 'Unicode' type for exploit.

Here is Description for this Vuln :
·          Type of Issue : Buffer Overflow. 
·          Affected Software : Google Chrome 0.2.149.27.      
·          Exploitation Environment : Google Chrome (Language: Vietnamese) on Windows XP SP2.
·          Impact: Remote code execution.
·          Rating : Critical .
·          Description :
The vulnerability is caused due to a boundary error when handling the “SaveAs” function. On saving 
a malicious page with an overly long title (<title> tag in HTML), the program causes a stack-based overflow and makes 
it possible for attackers to execute arbitrary code on users’ systems.
·          How an attacker could exploit the issue :
To exploit the Vulnerability, a hacker might construct a specially crafted Web page, which contains malicious code. 
He then tricks users into visiting his Website and convinces them to save this Page. Right after that, the code would 
be executed, giving him the privilege to make use of the affected system.
·          Discoverer : Le Duc Anh - SVRT - Bkis
·          About SVRT :
SVRT, which is short for Security Vulnerability Research Team, is one of Bkis researching groups. SVRT specializes 
in the detection, alert and announcement of security vulnerabilities in software, operating systems, network protocols 
and embedded systems…
·          Website : security.bkis.vn
·          Mail : svrt[at]bkav.com.vn

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/6367.tgz (2008-chrome.tgz)

# milw0rm.com [2008-09-05]