-
Notifications
You must be signed in to change notification settings - Fork 254
CVE 2015 1274
Aidan Sawyer edited this page Dec 17, 2016
·
2 revisions
||| |:----|:------|:------| |CVE_ID| CVE-2015-1274 | |version_broken|| |version_found|40.0.2214.115| |version_fixed|44.0.2403.89| |file/s|browser/download/download_commands.cc, browser/download/download_extentions.cc| |subsystem|Download| |code review ID|1165893004|
"does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice"
lack of protection for specific, potentially dangerous file types allows for the potential for users selecting the "always open files of this type" to cause arbitrary code executions of malicious code.
| type | Arbitrary Code Execution |
| coding mistakes | lack of sanitization and/or black/white-listing |
| CWE-ID | 254 |
| Exploits | No Known |
| CVSS | |
|---|---|
| Overall | 6.8 |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Access Complexity | Medium |
| Authentication | None |
| Gained Access | None |
| commit_id | |
| commit_date | |
| user_username | |
| user_name | |
| user_role |
| issue_id | 461858 |
| date | 2015-02-25 |
| user_username | [email protected] |
| user_name | Unknown |
| user_role | likely unaffiliated, 11th issue reported, 0 reported since, 11 total |
| metasploit | None |
| bounty | $500 |
| commit_id | ea65713eae7ad5977b6af590eb45e9551ea1fb2e |
| commit_date | 2015-07-10 |
| user_username | [email protected] |
| user_name | Asanka Herath |
| user_role | senior software engineer at Google - Boston |
| method | blacklisting, disallow auto open for particular files |
| files changed | 7 |
| lines of code | 250+ |
| bounty | [employee |