CVE-2008-5749

Опубликовано: 29 дек. 2008

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04754

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-c4p5-w53q-qmgh

github

больше 3 лет назад

** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission."