Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | Mozilla Browser Heap Overflow in Processing 'jar:' URIs Allows Remote Users to Execute Arbitrary Code on the Browser |
|---|
Categorie: Vulnerability
Posted: 2002-11-18 by ReCall
Views: 378
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: A heap overflow vulnerability involving the processing of 'jar:' URIs was reported in the Mozilla browser. A remote user can cause arbitrary code to be executed on a target user's browser when the target user views a malicious GIF file.
It is reported that Mozilla contains a heap corruption flaw that can be triggered by a remote user via the 'jar:' URI handler.
A remote user can create a specially crafted jar file that contains a GIF image file and malicious code. Then, the remote user can create HTML that calls the file via a 'jar:' URL. An example URL is shown below:
jar:http://host/~username/new.jar!/test.gif
When the file is expanded, a heap-based overflow can be triggered. The user-supplied malicious code can overwrite an address pointer so that when memory is freed, the function pointer is called and user-supplied code is executed. The code will run with the privileges of the target user.
A demonstration exploit method related to the above listed example URL is described in the Source Message.
The vendor has reportedly been notified.
Impact: A remote user can cause arbitrary code to be executed when a specially crafted URL is loaded.
Solution: No solution was available at the time of this entry.
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=323
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
