CVE-2015-8664

HIGH

Chrome < 47.0.2526.106 - Integer Overflow in WebCursor::Deserialize

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8664. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit demonstrates a heap-based buffer overflow in Chromium's WebCursor::GetPlatformCursor method due to mismatched buffer allocation and memcpy operations. The PoC modifies WebCursor::Serialize to trigger the vulnerability by sending malformed cursor data.

Description

Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/39039

View Code ZIP pw:eip

The exploit demonstrates a heap-based buffer overflow in Chromium's WebCursor::GetPlatformCursor method due to mismatched buffer allocation and memcpy operations. The PoC modifies WebCursor::Serialize to trigger the vulnerability by sending malformed cursor data.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Chromium (versions prior to fix for CVE-2015-8664)

No auth needed

Prerequisites: Access to a vulnerable Chromium instance · Ability to deliver crafted HTML/JS payload

MITRE ATT&CK