[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108741

 
 

909

 
 

85475

 
 

134

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-2555Date: (C)2009-07-21   (M)2018-06-05


Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 9.3
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  
Reference:
BID-35722
SECUNIA-35844
OSVDB-55939
ADV-2009-1924
googlechrome-javascript-bo(51801)
http://code.google.com/p/chromium/issues/detail?id=14719
http://codereview.chromium.org/141042
http://codereview.chromium.org/141042/diff/6/1004
http://googlechromereleases.blogspot.com/2009/07/stable-beta-update-bug-fixes.html

CPE    29
cpe:/a:google:v8:1.0
cpe:/a:google:chrome:0.2.149.30
cpe:/a:google:chrome:1.0.154.39
cpe:/a:google:chrome:1.0.154.59
...
CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:33088
oval:org.secpod.oval:def:33089
oval:org.secpod.oval:def:36774
oval:org.secpod.oval:def:36775
...

© SecPod Technologies