Buffer Overflow in WideChapter Browser
Buffer Overflow in WideChapter Browser
Advisory Information:
=====================
Application: WideChapter Browser
Vendor Homepage: http://www.widechapter.com
Versions: 3.0 (and earlier versions)
Platforms: Windows (all)
Severity: High
Date: 12.09.03
Introduction:
=============
"WideChapter is the most powerful multi Chapter multi tab web browser.
WideChapter is a stable, fast, user-friendly browser. WideChapter gives each
web site its own tab!
WideChapter runs under Windows 98, NT4, ME, 2000 and XP and requires that IE is
installed. WideChapter is a standalone browser application that uses services
provided by Microsoft Internet Explorer to navigate HTML. WideChapter currently
requires Internet Explorer 5.5/above to be installed on the client computer."
Details:
========
Vulnerability: It is possible to cause a Buffer overflow in WideChapter Browser
by sending long http request, allowing total modification of the EIP pointer -
this can be maliciously altered to allow remote arbitrary code execution.
The vulnerability is due to a lack of boundary condition checks on URL values.
Vendor Status:
==============
The vendor has been informed, and they are fixing this bug.
Proof of concept Exploit:
=========================
[script]window.open(http://AAA.. [Ax517])[/script]
Discovered by/Credit:
=====================
Bahaa Naamneh
b_naamneh@xxxxxxxxxxx
www.bsecurity.tk