Lumension® Endpoint Intelligence Center



Vulnerability Score: 6.8
CVE Id: CVE-2008-6512
Last Modified: 16 Dec 2009 12:00:00
Published: 24 Mar 2009 10:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE



Cross-domain vulnerability in the WorkerPool API in Google Gears before allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gears commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain.

Vulnerable Systems


  • Google Gears 0.1

  • Google Gears 0.2

  • Google Gears 0.3

  • Google Gears 0.4

  • Google Gears 0.5


XF - gears-allowcrossorigin-security-bypass(47173)

BID - 32698

SECUNIA - 33062



Last Updated: 27 May 2016 10:49:13