Vulnerability Description
Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\?\ protection mechanism.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 33.0.1750.116 | |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.htmlVendor Advisory
- https://code.google.com/p/chromium/issues/detail?id=334897
- https://src.chromium.org/viewvc/chrome?revision=247511&view=revisionPatch
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.htmlVendor Advisory
- https://code.google.com/p/chromium/issues/detail?id=334897
- https://src.chromium.org/viewvc/chrome?revision=247511&view=revisionPatch
FAQ
What is CVE-2013-6652?
CVE-2013-6652 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the...
How severe is CVE-2013-6652?
CVE-2013-6652 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6652?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Microsoft Windows.