CVE-2013-6652

Google Chrome < 33.0.1750.117 - Path Traversal via Named Pipe Dispatcher

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\?\ protection mechanism.

References (3)

Core 3

Scores

EPSS 0.0123
EPSS Percentile 65.2%

Details

CWE
CWE-22
Status published
Products (50)
google/chrome 33.0.1750.0
google/chrome 33.0.1750.1
google/chrome 33.0.1750.2
google/chrome 33.0.1750.3
google/chrome 33.0.1750.4
google/chrome 33.0.1750.5
google/chrome 33.0.1750.6
google/chrome 33.0.1750.7
google/chrome 33.0.1750.8
google/chrome 33.0.1750.9
... and 40 more
Published Feb 24, 2014
Tracked Since Feb 18, 2026