Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2009-1441
Last Modified 19 May 2009 12:00:00
Published 07 May 2009 01:30:04
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1441

Summary

Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel.

Vulnerable Systems

Application

  • Google Chrome 0.2.149.29

  • Google Chrome 0.2.149.30

  • Google Chrome 0.2.152.1

  • Google Chrome 0.2.153.1

  • Google Chrome 0.3.154.0

  • Google Chrome 0.3.154.3

  • Google Chrome 0.4.154.18

  • Google Chrome 0.4.154.22

  • Google Chrome 0.4.154.31

  • Google Chrome 0.4.154.33

  • Google Chrome 1.0.154.36

  • Google Chrome 1.0.154.39

  • Google Chrome 1.0.154.42

  • Google Chrome 1.0.154.43

  • Google Chrome 1.0.154.46

  • Google Chrome 1.0.154.53

  • Google Chrome 1.0.154.59


References

XF - chrome-paramtraitsskbitmapread-bo(50362)

VUPEN - ADV-2009-1266

SECTRACK - 1022174

BID - 34859

SECUNIA - 35014

OSVDB - 54288

CONFIRM - http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html

CONFIRM - http://code.google.com/p/chromium/issues/detail?id=10869


Last Updated: 27 May 2016 10:50:34