Vulnerability Details : CVE-2010-0657
Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.
Exploit prediction scoring system (EPSS) score for CVE-2010-0657
Probability of exploitation activity in the next 30 days: 0.79%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-0657
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2010-0657
-
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
Chrome Releases: Stable Channel Update
-
http://code.google.com/p/chromium/issues/detail?id=23693
23693 - Security: sanitize URLs better before creating desktop shortcuts - chromium - Monorail
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14306
Repository / Oval Repository
-
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
Page not found - The Chromium Projects
-
http://securitytracker.com/id?1023506
Google Chrome Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Obtain Information. - SecurityTracker
Products affected by CVE-2010-0657
- cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.190.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.193.2:beta:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.195.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*