CVE-2012-2764

Google Chrome <20.0.1132.43 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2764. PoCs published by Moshe Zioni.

AI-analyzed exploit summary This exploit demonstrates a DLL hijacking vulnerability in Google Chrome (CVE-2012-2764). The malicious DLL, when loaded from a network share, executes arbitrary code (e.g., launching calc.exe) via the DllMain function.

Description

Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Moshe Zioni · cremotewindows
https://www.exploit-db.com/exploits/37510

This exploit demonstrates a DLL hijacking vulnerability in Google Chrome (CVE-2012-2764). The malicious DLL, when loaded from a network share, executes arbitrary code (e.g., launching calc.exe) via the DllMain function.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Google Chrome 19.0.1084.21 to 20.0.1132.23
No auth needed
Prerequisites: Victim must open a file from a network share containing the malicious DLL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15375

Scores

EPSS 0.0044
EPSS Percentile 35.0%

Details

Status published
Products (43)
google/chrome 20.0.1132.0
google/chrome 20.0.1132.1
google/chrome 20.0.1132.2
google/chrome 20.0.1132.3
google/chrome 20.0.1132.4
google/chrome 20.0.1132.5
google/chrome 20.0.1132.6
google/chrome 20.0.1132.7
google/chrome 20.0.1132.8
google/chrome 20.0.1132.9
... and 33 more
Published Jun 27, 2012
Tracked Since Feb 18, 2026