[NT] Buffer Overflow in WideChapter Browser
From: SecuriTeam (support_at_securiteam.com)
Date: 09/16/03
- Previous message: SecuriTeam: "[NT] Yak! File Transfer Mechanism Exposes System To Compromise"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 16 Sep 2003 16:06:31 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Buffer Overflow in WideChapter Browser
------------------------------------------------------------------------
SUMMARY
<http://www.widechapter.com> WideChapter "is the most powerful multi
Chapter multi tab web browser. WideChapter is a stable, fast,
user-friendly browser. WideChapter gives each web site its own tab!
WideChapter runs under Windows 98, Windows NT4, Windows ME, Windows 2000,
and Windows XP and requires that IE to be installed. WideChapter is a
standalone browser application that uses services provided by Microsoft
Internet Explorer to navigate HTML. WideChapter currently requires
Internet Explorer 5.5/above to be installed on the client computer".
It is possible to cause a buffer overflow in WideChapter Browser by
causing it to initiate a long HTTP request. The overflow allows
modification of the EIP pointer - allowing a malicious attacker to cause
the program to execute arbitrary code.
DETAILS
Vendor Status:
The vendor has been informed, and they are fixing this bug.
Proof of concept exploit:
By embedding the following JavaScript into a web page: <
script>window.open(http://AAA.. [Ax517])</script>, it is possible to cause
the EIP to overwrite once a user visits the web page.
An exploit for Windows XP Home has created and is available for download
from: <http://www.elitehaven.net/wcexploit.zip>
http://www.elitehaven.net/wcexploit.zip
ADDITIONAL INFORMATION
The information has been provided by <mailto:b_naamneh@hotmail.com> Bahaa
Naamneh.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] Yak! File Transfer Mechanism Exposes System To Compromise"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NT] Windows Embedded Open Type (EOT) Font Heap Overflow
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... A vulnerability in the way that
Windows uncompresses Embedded Open Type ... fonts allow the author of a malicious
web page to execute arbitrary code ... A heap overflow vulnerability exists in T2EMBED.DLL,
... (Securiteam) - [NT] Windows VDM #UD Local Privilege Escalation
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... vulnerability to fully compromise
a Windows NT 4.0, Windows 2000, Windows ... 32-bit VDM "host" code, and the invalid
opcode fault handler within the ... process).The kernel does not validate the address to which
execution is ... (Securiteam) - [NT] Windows Workstation Service Remote Buffer Overflow (Exploit)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The Windows Workstation
Creates and maintains client network connections ... the log file. ... The string
arguments for this logging function are supplied as ... (Securiteam) - [REVS] Removing about:blank Homepage Hijacker
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... expanded with almost a dozen other
checks against hijacker tricks. ... To Remove "About:Blank" Hijacker Adware In Windows
XP Home edition Service ... The "value" window reveals the hidden file name. ...
(Securiteam) - [NT] Microsoft Explorer and Internet Explorer Long Share Name Buffer Overflow
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... MS Explorer and MS Internet
Explorerare core ... pieces of Microsoft Windows Operating Systems. ... Rodrigo
Gutierrez notified the vendor in the beginning of 2002, ... (Securiteam)
