CVE-2008-6996 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-6996 PUBLISHED CVSS 5 MEDIUM

Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting.

EPSS 13.33% · 94.1th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

13.33%

94.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
google	chrome	0.2.149.27

Timeline

Sep 3, 2008 PoC Published
Aug 18, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

48261 vdb
20080903 Re: Google Chrome Automatic File Download mailing-list
6355 exploit
20080906 Google Chrome Auto download exploit .. mailing-list
googlechrome-file-download(44904) vdb
http://src.chromium.org/viewvc/chrome?view=rev&revision=1793 url
20080906 Re: RES: Google Chrome Automatic File Download mailing-list
31000 vdb
20080904 Re: Google Chrome Automatic File Download mailing-list
http://codereview.chromium.org/472/diff/1/2 url
20080902 Google Chrome Automatic File Download mailing-list
20080903 RES: Google Chrome Automatic File Download mailing-list
20080903 RE: Google Chrome Automatic File Download mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2008-6996 advisory

Open in Interactive Console →