PT-2015-7357 · Google+1 · Google Chrome+2

Michal Bednarski

Published

2015-12-06

Updated

2024-06-15

CVE-2015-6783

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions crazy linker (aka Crazy Linker) versions prior to the version included in Google Chrome 47.0.2526.73 Google Chrome versions prior to 47.0.2526.73

Description The issue is related to the FindStartOffsetOfFileInZipFile function in crazy linker zip.cpp, which improperly searches for an EOCD record. This allows attackers to bypass a signature-validation requirement via a crafted ZIP archive.

Recommendations For crazy linker (aka Crazy Linker) versions prior to the version included in Google Chrome 47.0.2526.73, update to a version included in Google Chrome 47.0.2526.73 or later. For Google Chrome versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2015-6783

OPENSUSE-SU-2015_2290-1

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

Affected Products

Google Chrome

Suse

Crazy Linker

PT-2015-7357 · Google+1 · Google Chrome+2

CVE-2015-6783

Weakness Enumeration

Related Identifiers

Affected Products

References · 2387