CVE-2008-5749

Google Chrome <1.0.154.36 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5749. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary This exploit leverages a parameter injection vulnerability in Google Chrome's ChromeHTML URI handler to execute arbitrary commands via command-line switches. The PoC demonstrates launching calc.exe by manipulating the renderer-path parameter.

Description

Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · htmlremotewindows

https://www.exploit-db.com/exploits/7566

View Code ZIP pw:eip

This exploit leverages a parameter injection vulnerability in Google Chrome's ChromeHTML URI handler to execute arbitrary commands via command-line switches. The PoC demonstrates launching calc.exe by manipulating the renderer-path parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Google Chrome 1.0.154.36

No auth needed

Prerequisites: User interaction (clicking a link) · Google Chrome installed with vulnerable version

MITRE ATT&CK