Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6996

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-6996
Last Modified 07 Mar 2011 10:17:17
Published 19 Aug 2009 01:24:52
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6996

Summary

Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting.

Vulnerable Systems

Application

  • Google Chrome 0.2.149.27


References

XF - googlechrome-file-download(44904)

BID - 31000

BUGTRAQ - 20080906 Re: RES: Google Chrome Automatic File Download

BUGTRAQ - 20080904 Re: Google Chrome Automatic File Download

BUGTRAQ - 20080903 RE: Google Chrome Automatic File Download

BUGTRAQ - 20080903 Re: Google Chrome Automatic File Download

BUGTRAQ - 20080903 RES: Google Chrome Automatic File Download

BUGTRAQ - 20080902 Google Chrome Automatic File Download

BUGTRAQ - 20080906 Google Chrome Auto download exploit ..

OSVDB - 48261

MILW0RM - 6355

CONFIRM - http://src.chromium.org/viewvc/chrome?view=rev&revision=1793

CONFIRM - http://codereview.chromium.org/472/diff/1/2

XF - google-chrome-file-download(44904)


Last Updated: 27 May 2016 10:49:59