Date: 13 Sep 2003 16:32:54 -0000
From: Bahaa Naamneh <b_naamneh@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Buffer Overflow in WideChapter Browser




Buffer Overflow in WideChapter Browser


Advisory Information:
=====================
Application: WideChapter Browser 
Vendor Homepage: http://www.widechapter.com
Versions: 3.0 (and earlier versions)
Platforms: Windows (all) 
Severity: High
Date: 12.09.03


Introduction:
=============
"WideChapter is the most powerful multi Chapter multi tab web browser. WideChapter is a stable, fast, user-friendly browser. WideChapter gives each web site its own tab! 
WideChapter runs under Windows 98, NT4, ME, 2000 and XP and requires that IE is installed. WideChapter is a standalone browser application that uses services provided by Microsoft Internet Explorer to navigate HTML. WideChapter currently requires Internet Explorer 5.5/above to be installed on the client computer."


Details:
========
Vulnerability: It is possible to cause a buffer overflow in WideChapter Browser by sending a long HTTP request, allowing total modification of the EIP register; this can be maliciously altered to allow remote arbitrary code execution.
The vulnerability is due to a lack of boundary condition checks on URL values.


Vendor Status:
==============
The vendor has been informed, and they are fixing this bug.


Proof of concept Exploit:
=========================
[script]window.open(http://AAA.. [Ax517])[/script]


Discovered by/Credit:
=====================
Bahaa Naamneh
b_naamneh@...mail.com
www.bsecurity.tk
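
The missing boundary check on URL values described under Details, as an added C example that is not from the advisory or from the vendor's code: an unchecked copy into a fixed-size field next to a length-checked one. The struct, the function names and the 512-byte field size are hypothetical, since the advisory does not describe WideChapter's internals.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical field size; the advisory does not state the real one. */
#define URL_BUF_SIZE 512

struct tab { char url[URL_BUF_SIZE]; };

/* Unchecked pattern, shown for contrast and never called: strcpy copies up to
   the terminator whatever the destination size, so a longer URL overwrites
   whatever follows the buffer. */
void tab_set_url_unchecked(struct tab *t, const char *url)
{
    strcpy(t->url, url);
}

/* Checked version. Returns 0 on success, -1 if the URL is rejected; the tab
   is left unchanged on rejection. Overlong input is refused, not truncated,
   because a silently shortened URL names a different resource. */
int tab_set_url(struct tab *t, const char *url)
{
    size_t len = 0;

    if (t == NULL || url == NULL)
        return -1;
    /* Bounded scan: never look past URL_BUF_SIZE bytes of input. */
    while (len < URL_BUF_SIZE && url[len] != '\0')
        len++;
    if (len == URL_BUF_SIZE)
        return -1;                      /* URL plus its NUL does not fit */
    memcpy(t->url, url, len + 1);       /* len + 1 <= URL_BUF_SIZE */
    return 0;
}

int main(void)
{
    struct tab t = { "" };
    char long_url[7 + 517 + 1];         /* constructed: "http://" + 517 'A' */

    memcpy(long_url, "http://", 7);
    memset(long_url + 7, 'A', 517);
    long_url[7 + 517] = '\0';
    printf("short URL: %d\n", tab_set_url(&t, "http://www.widechapter.com"));
    printf("long URL:  %d\n", tab_set_url(&t, long_url));
    return 0;
}
```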


