lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <WorldClient-F200809052012.AA12490012@bkav.com.vn>
Date: Fri, 05 Sep 2008 20:12:49 +0700
From: "SVRT" <svrt@...v.com.vn>
To: full-disclosure@...ts.grok.org.uk
Subject: Google Chrome 0.2.149.27 'SaveAs' Function Buffer
	Overflow	Vulnerability

We (SVRT-Bkis) have just discovered vulnerability in Google Chrome 
0.2.149.27. This is a Critical Buffer Overflow Vulnerability permiting 
hacker to perform a remote attack and take complete control of the affected 
system.

We have submitted this Vulnerability to Google. They confirmed and assign a 
verifier for build 0.2.149.28.

Proof of Concept:
We tested Google Chrome 0.2.149.27 on Windows XP SP2 (Open Calculator)
http://security.bkis.vn/Proof-Of-Concept/PoC-XPSP2.html
With others Windows not XP SP 2:
http://security.bkis.vn/Proof-Of-Concept/PoC-Crash.html
 
Details: 
- Type of Issue : Buffer Overflow. 

- Affected Software : Google Chrome 0.2.149.27.
    
- Exploitation Environment : Google Chrome  on Windows XP SP2.

- Impact: Remote code execution.

- Rating : Critical.

- Description : 
The vulnerability is caused due to a boundary error when handling the 
“SaveAs” function. On saving a malicious page with an overly long title 
(<title> tag in HTML), the program causes a stack-based overflow and makes 
it possible for attackers to execute arbitrary code on users’ systems.

- How an attacker could exploit the issue : 
To exploit the Vulnerability, a hacker might construct a specially crafted 
Web page, which contains malicious code. He then tricks users into visiting 
his Website and convinces them to save this Page. Right after that, the code 
would be executed, giving him the privilege to make use of the affected 
system.

- Discoverer : Le Duc Anh - SVRT - Bkis

- About SVRT : 
SVRT, which is short for Security Vulnerability Research Team, is one of 
Bkis researching groups. SVRT specializes in the detection, alert and 
announcement of security vulnerabilities in software, operating systems, 
network protocols and embedded systems… 

- About Bkis :
Bkis  (Bach Khoa Internetwork Security) is Vietnamese leading Center in 
researching, deploying network security software and solutions. 

- Website : http://security.bkis.vn

- Mail : svrt[at]bkav.com.vn

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ