Vulnerability Name:

CVE-2008-5750 (CCN-47598)

Assigned:2008-12-23
Published:2008-12-23
Updated:2018-10-11
Summary:Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-5750

Source: MISC
Type: Exploit
http://retrogod.altervista.org/9sg_chrome.html

Source: SREASON
Type: UNKNOWN
4821

Source: CCN
Type: Google Chrome Web site
Google Chrome

Source: CCN
Type: OSVDB ID: 51320
Microsoft IE chromehtml: URI --renderer-path Option Arbitrary Command Execution

Source: BUGTRAQ
Type: UNKNOWN
20081223 Google Chrome Browser (ChromeHTML://) remote parameter injection POC

Source: CCN
Type: BID-32997
Google Chrome 'chromeHTML://' Command Line Parameter Injection Vulnerability

Source: BID
Type: UNKNOWN
32999

Source: CCN
Type: BID-32999
Retired: Internet Explorer 'chromeHTML://' Command Line Parameter Injection Vulnerability

Source: XF
Type: UNKNOWN
google-chrome-chromehtml-command-execution(47598)

Source: EXPLOIT-DB
Type: UNKNOWN
7566

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:8:beta2:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft internet explorer 8 beta2
    microsoft windows xp * sp3
    google chrome 1.0.154.36