From: stake advisories (stake)
Date: Fri Apr 13 2001 - 15:29:51 CDT

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

                              stake, Inc.
                             www.atstake.com

                        Security Advisory Notification

    Advisory Name: Netscape SmartDownload Overflow
       Release Date: 04/13/2001
        Application: Netscape SmartDownload 1.3
           Platform: Microsoft Windows
           Severity: An attacker can execute arbitrary code on the system
                     running Smart Download.
          Author(s): Frank Swiderski (fesatstake.com)
    Vendor Status: Vendor has updated version of program
                CVE: CAN-2001-0262
          Reference: www.atstake.com/research/advisories/2001/a041301-1.txt

    Overview:

    Netscape SmartDownload is a browser plugin that allows users to pause and
    resume downloads from the Internet. It can be installed separately, or
    when installing Netscape's Communicator. If enabled, SmartDownload can
    handle downloads spawned by both Netscape and Microsoft Internet
    Explorer, possibly others. However, if SmartDownload was installed and
    subsequently "disabled," the system will still be vulnerable to attack.

    SmartDownload parses all URLs that the web browser accesses. As part
    of the parsing, it copies the file requested using an unbounded string
    operation to a buffer on the stack, allowing a classic overwrite of the
    saved instruction pointer, and potential execution of malicious code.

    Because SmartDownload installs plugins for all browsers it supports by
    default (which includes both Netscape Communicator and Microsoft Internet
    Explorer), most users who have SmartDownload on their system are vulnerable
    to this condition. Because SmartDownload parses all outgoing requests,
    the condition can be exploited very easily, and does not always require
    the user to click or actively request a link.

    Vendor Response:

    Vendor has an updated version, SmartDownload 1.4, which addresses this
    problem. You can download the latest SmartDownload at:

    http://home.netscape.com/download/smartdownload.html

    Advisory Reference:

    http://www.atstake.com/research/advisories/2001/a041301-1.txt

    ** The advisory contains additional information. We encourage those
    ** affected by this issue to read the advisory.
    **
    ** All vulnerability database maintainers should reference the above
    ** advisory reference URL to refer to this advisory.

    Advisory policy: http://www.atstake.com/research/policy/
    For more advisories: http://www.atstake.com/research/advisories/
    PGP Key: http://www.atstake.com/research/pgp_key.asc

    Copyright 2001 stake, Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    iQA/AwUBOtdhPFESXwDtLdMhEQLKFwCcCwKMqwg9iHVz0dkCboEGUwPpfyoAnjdU
    k6NqIlrZAgXtUxe3AyEkc5mj
    =Pukn
    -----END PGP SIGNATURE-----
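
The overview above describes the file part of a URL being copied with an unbounded string operation into a stack buffer. The C sketch below is an added example, not code from SmartDownload or from the advisory: it puts that copy pattern next to a length-checked version that rejects an oversized name. The buffer size, function names and sample URLs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FILE_BUF 64 /* assumed size; the advisory does not state the real one */

/* File component of a URL: everything after the last '/'. */
static const char *file_part(const char *url)
{
    const char *slash = strrchr(url, '/');
    return slash ? slash + 1 : url;
}

/* The pattern the advisory describes, shown for contrast only: the length
 * of the remotely supplied name is never compared with the buffer size. */
void copy_file_unbounded(const char *url)
{
    char file[FILE_BUF];
    strcpy(file, file_part(url)); /* writes past file[] when the name is >= FILE_BUF bytes */
    printf("requested file: %s\n", file);
}

/* Hardened form: measure first, copy only if name and terminator fit.
 * Returns 0 on success, -1 when the request must be rejected. */
int copy_file_bounded(const char *url, char *out, size_t outsz)
{
    const char *name = file_part(url);
    size_t n = strlen(name);
    if (outsz == 0 || n >= outsz)
        return -1;            /* reject instead of truncating silently */
    memcpy(out, name, n + 1); /* n + 1 includes the terminating NUL */
    return 0;
}

int main(void)
{
    char out[FILE_BUF];
    char long_url[400];

    /* Constructed inputs: one ordinary URL, one with a 379-byte file name. */
    memset(long_url, 'A', sizeof long_url - 1);
    long_url[sizeof long_url - 1] = '\0';
    memcpy(long_url, "http://example.test/", 20);

    if (copy_file_bounded("http://example.test/files/setup.exe", out, sizeof out) == 0)
        printf("accepted: %s\n", out);
    if (copy_file_bounded(long_url, out, sizeof out) != 0)
        printf("rejected: file name of %zu bytes exceeds %d-byte buffer\n",
               strlen(file_part(long_url)), FILE_BUF);
    return 0;
}
```

Only `copy_file_bounded` is exercised in `main`; `copy_file_unbounded` is present to show where the length check is missing.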