| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030714144824.5377.qmail@www.securityfocus.com> Date: 14 Jul 2003 14:48:24 -0000 From: martin rakhmanoff <jimmers@...dex.ru> To: bugtraq@...urityfocus.com Subject: Netscape 7.02 Client Detection Tool plug-in buffer overrun Advisory name ============= Netscape 7.02 Client Detection Tool plug-in buffer overrun Affected software ================= Netscape 7.02 for Windows Problem description =================== Netscape 7.02 (and probably earlier versions) contains Client Detection Tool plug-in that handles application/x-cdt Mime type. One of this plug-in routines suffers from buffer overrun. To exploit this issue one needs to send mail message to victim with attachment that has specifically crafted filename and entice the victim to double-click it. When the victim double clicks the attachment then attacker's code is executed in context of victim's user account. Proof-of-concept exploit is published in whitepaper "CDT plug-in bug: exploit in ASCII": http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf Mitigating factors ================== Attacker must know OS and length of victim username to exploit this issue. Also proof-of-concept exploit assumes that user runs Windows with default settings. Resolution ========== Manually remove CDT plug-in (npcdt.dll) from Netscape /components folder or upgrade to latest version of the browser that has CDT plug-in removed. Vendor status ============= Netscape was notified. Netscape considers this bug as "internal" so no patch will be released. Copyright (c) 2003 Martin Rakhmanov.
Powered by blists - more mailing lists