Message-ID: <Law11-OE26TrpwACkWH0006426f@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: Naviscope - DoS
------------------------------------------------------------------
- EXPL-A-2003-013 exploitlabs.com Advisory 013
------------------------------------------------------------------
-= Naviscope =-
Donnie Werner
morning_wood@...loitlabs.com
July 8, 2003
Product:
--------
Naviscope v8.70
http://www.naviscope.com/
Vulnerability(s):
----------------
1. Local DoS
2. OEM ID Transmission
Reviews:
--------
http://www.naviscope.com/awards.htm
Description of product:
-----------------------
"Naviscope is a powerful Web Accelerator and complete package
of Internet Tools."
http://www.naviscope.com/dnload.htm
VULNERABILITY / EXPLOIT
======================
By default, Naviscope binds to 0.0.0.0:81.
Connecting to http://127.0.0.1:81 causes Naviscope to loop, taking CPU use
to 100% and opening up hundreds of connections to itself.
Naviscope sets IE to proxy through 127.0.0.1:81 upon execution (by default).
It does not return the browser (IE) to its pre-execution default state,
rendering browsing useless until reactivation or until the proxy setting in
IE is adjusted manually.
It also connects to http://naviscope.com and sends
v=0870&r=00&s=[BAD9]&k=[ ]&exeid=0&FB=1&winser=[WINDOWS-PRODUCTID]
where WINDOWS-PRODUCTID is the value of
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId
Local:
------
yes
Remote:
-------
not verified
Vendor Fix:
-----------
No fix on 0day
Vendor Contact:
---------------
Concurrent with this advisory
feedback@...iscope.com
Credits:
--------
Donnie Werner
http://exploitlabs.com
Original Advisory may be read at:
http://exploitlabs.com/files/advisories/EXPL-A-2003-013-naviscope.txt
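
Added example (not part of the original advisory): a log scanner that flags the request described under "OEM ID Transmission" and reports whether the winser parameter carries a value shaped like a Windows ProductId. The log line layout, the /check path, the sample ProductId values and the ProductId pattern are assumptions made for illustration; only the host and parameter names come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed ProductId layout: 5 digits, 3 digits or "OEM", 7 digits, 5 digits.
PRODUCT_ID = re.compile(r"^\d{5}-(?:\d{3}|OEM)-\d{7}-\d{5}$")
BEACON_KEYS = {"v", "winser"}  # parameter names taken from the advisory's request

def inspect_request(url):
    """Return a finding dict if the URL matches the advisory's request, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != "naviscope.com" and not host.endswith(".naviscope.com"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if not BEACON_KEYS.issubset(params):
        return None
    winser = params["winser"][0]
    return {
        "host": host,
        "client_version": params["v"][0],
        "leaks_product_id": bool(PRODUCT_ID.match(winser)),
        # Keep only the first group so the report does not copy the identifier.
        "winser_redacted": winser[:5] + "-***" if winser else "",
    }

def scan(log_lines):
    """Yield (client_ip, finding) for lines shaped 'client_ip METHOD url'."""
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        finding = inspect_request(fields[2])
        if finding:
            yield fields[0], finding

# Constructed sample proxy log lines (path and ProductId values are made up).
SAMPLE_LOG = [
    "10.0.0.5 GET http://naviscope.com/check?v=0870&r=00&s=BAD9&k=&exeid=0&FB=1"
    "&winser=55274-OEM-0011903-00102",
    "10.0.0.7 GET http://www.naviscope.com/dnload.htm",
    "10.0.0.9 GET http://example.org/?v=1&winser=55274-640-1234567-23456",
    "10.0.0.5 GET http://naviscope.com/check?v=0870&winser=",
]

if __name__ == "__main__":
    for client, finding in scan(SAMPLE_LOG):
        print(client, finding)
```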