Netscape 4 DoS/Possibly exploitable buffer overflow.

From: Laslo Orto (lasloat_private)
Date: Mon Jan 12 1998 - 13:23:34 PST

Next message: Aleph One: "Q179129: STOP 0x0000000A Due to Modified Teardrop Attack"

Previous message: Ruth Milner [VLA]: "update on Solaris 2.6 security logging"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've never seen this posted/discussed anywhere before, so here it goes.

Netscape (version verified is 4.03) has a buffer overflow bug in their
bookmarks code. When somebody goes to a web page with a very long title
(6-8k) and then s/he bookmarks the page, netscape will start crashing at
loading bookmark.htm on startup. It's similar to the IE4 bug discovered
not long ago, but here you have to get the victim to bookmark the attackers
page.


Laslo Orto                              Computer Pages / Better.Net
Systems Administrator                   253 Sheppard Ave. West
lasloat_private / lasloat_private       Toronto, Canada M2N 1N2
www.cpol.com / www.better.net           Ph: +1 416 225 3030
                                        Fax: +1 416 225 6737

Next message: Aleph One: "Q179129: STOP 0x0000000A Due to Modified Teardrop Attack"
Previous message: Ruth Milner [VLA]: "update on Solaris 2.6 security logging"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:42 PDT