CVE-2008-6996

Google Chrome 0.2.149.27 - Denial of Service via Automatic Executable File Download

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6996. PoCs published by nerex.

AI-analyzed exploit summary This PoC exploits a vulnerability in Google Chrome (BETA) that allows automatic file downloads without user prompt by embedding an iframe pointing to an executable. It demonstrates how arbitrary files can be downloaded to a user's system without interaction.

Description

Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nerex · textremotewindows

https://www.exploit-db.com/exploits/6355

View Code ZIP pw:eip

This PoC exploits a vulnerability in Google Chrome (BETA) that allows automatic file downloads without user prompt by embedding an iframe pointing to an executable. It demonstrates how arbitrary files can be downloaded to a user's system without interaction.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Google Chrome (BETA) on Windows Vista SP1 and Windows XP SP3

No auth needed

Prerequisites: Victim must be using Google Chrome (BETA) on a vulnerable Windows system · Attacker must host a malicious file on a web server

MITRE ATT&CK