Buffer overflow in Avant Browser 8.02
From: Q?=nimberQ=20?= (nimber_at_mail.ru)
Date: 08/21/03
- Previous message: Aron Nimzovitch: "Re: Popular Net anonymity service back-doored"
- In reply to: Aaron C. Newman: "AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: bugtraq@securityfocus.com Date: Fri, 22 Aug 2003 01:48:52 +0400
______________________________________________________________
/###############################################################\
# ZUD SECURITY TEAM PRESENT # #:
################################ #:
# bug found by nimber # (0_0(0_o)0_o) #:
# Email : nimber@designer.ru # #:
# Site: www.zudteam.org # www.zudteam.org #:
# HomePage: www.nimber.plux.ru # #:
################################################################:
======================\\ :
Advisory Information: //----------------------------------------o
=====================// :
Application : Avant Browser :
Date : 21.08.2003 :
Vendor Homepage : http://avantbrowser.com :
Versions : 8.02 (maybe older) :
Platforms : all Win. :
Severity : High :
----------------------------------------------------------------o
Powerful Browser on the base IE. 1999 - 2003. :
Supports: Built-in Pop-up Stopper, :
Flash Animation Filter, Safe Recovery,Scins, :
Built-in Google Search Engine. :
======================\\---------------------------------------/
Overview: // Buffer overflow in Avant Browser 8.02/
=====================//______________________________________/
Local: yes |
Remote: yes |
1) Crash browser by sending long http request. o
Exaple: |
http://AAAAAAA[more 780 chars] |
2) Or at opening of long link. |
Exaple: |
<a href="http://AAA[more 780 chars]">aaa</a> |
After start Browser will not possible. |
(after recurrent installation even!!!) |
When starting you see reporting on mistakes: |
"Access violation at address 77D6318 in module 'USER32.dll' |
Write od address 011C1000" |
And else: |
"avant.exe has encountered a problem and needs to close." |
"Exception EReadError in module avant.exe at 00021AD3. |
Error reading cbAddress.Left: Access volation at address |
0012D798. Write of address 00000000." |
Overflow Buffer occurs in an effort Browser copy a visit |
reference in Buffer exchange. |
____________________________________________________________o
Path: Can be will be corrected in following versions. |
____________________________________________________________|
Gr33tZ: תבעבתב, ZeT,euronymous, subj, Zud Team, void.ru, |
RusH Team,m00 security,eXploit.ru,LWTeam, F0K Project, |
Free-Crew. |
___________________________________________________________//
Thank You.
--------------
For contact:
e-mail: nimber@mail.ru
icq: 132614
web-site: www.zudteam.org
