Vendor: Chrome
By: SecurityFocus
CVSS: 7,8 (HIGH)
DLL Hijacking
CWE: 427
Product Name: Chrome
Affected Version From: 19.0.1084.21
Affected Version To: 20.0.1132.23
Patch Exists: YES
Related CVE: CVE-2012-2817
CPE: a:google:chrome
Metasploit:
https://www.rapid7.com/db/vulnerabilities/suse-cve-2012-2817/
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2012-2817/
https://www.rapid7.com/db/vulnerabilities/apple-safari-cve-2012-2817/
https://www.rapid7.com/db/vulnerabilities/apple-itunes-cve-2012-2817/
https://www.rapid7.com/db/vulnerabilities/google-chrome-cve-2012-2817/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2012
Google Chrome DLL Hijacking Vulnerability
Google Chrome is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. The code snippet provided in the text is an example of a DLL hijacking exploit.
Mitigation:
Ensure that the application runs with the least privileges necessary and not with administrative privileges. Ensure that it runs in a restricted, sandboxed environment.