Sep
5.
von admin um 14:43:39 Uhr
Security Alert!
Es ist ein weiteres Exploit aufgetaucht, das dem Angreifer durch ein Buffer Overflow Zugang zum System gewährt. Die Lücke wird geöffnet, wenn man Webseiten speichert, die überlange Titel (<title>…</title>) haben. Die Lücke wird als kritisch eingestuft und betrifft die Version 0.2.149.27
Original-Meldung:
Type of Issue : Buffer Overflow. Affected Software : Google Chrome 0.2.149.27. Exploitation Environment : Google Chrome (Language: Vietnamese) on Windows XP SP2. Impact: Remote code execution. Rating : Critical Description : The vulnerability is caused due to a boundary error when handling the “SaveAs” function. On saving a malicious page with an overly long title (<title> tag in HTML), the program causes a stack-based overflow and makes it possible for attackers to execute arbitrary code on users’ systems. How an attacker could exploit the issue : To exploit the Vulnerability, a hacker might construct a specially crafted Web page, which contains malicious code. He then tricks users into visiting his Website and convinces them to save this Page. Right after that, the code would be executed, giving him the privilege to make use of the affected system. Discoverer : Le Duc Anh - SVRT - Bkis About SVRT : SVRT, which is short for Security Vulnerability Research Team, is one of Bkis researching groups. SVRT specializes in the detection, alert and announcement of security vulnerabilities in software, operating systems, network protocols and embedded systems… Website : security.bkis.vn Mail : svrt[at]bkav.com.vn
Hier gibt es einen Testbericht zum neuen Browser von Moehli
