Buffer overflow in Avant Browser 8.02

From: nimber (nimberat_private)
Date: Thu Aug 21 2003 - 14:48:52 PDT

     ______________________________________________________________
    /###############################################################\
    # ZUD SECURITY TEAM PRESENT     #                              #:
    ################################                               #:
    #    bug found by nimber        #      (0_0(0_o)0_o)           #:
    # Email : nimberat_private    #                              #:
    # Site:    www.zudteam.org      #     www.zudteam.org          #:
    # HomePage: www.nimber.plux.ru  #                              #:
    ################################################################:
    ======================\\                                        :
    Advisory Information: //----------------------------------------o
    =====================//                                         :
    Application        : Avant Browser                              :
    Date               : 21.08.2003                                 :
    Vendor Homepage    : http://avantbrowser.com                    :
    Versions           : 8.02 (maybe older)                         :
    Platforms          : all Win.                                   :
    Severity           : High                                       :
    ----------------------------------------------------------------o
    Powerful browser based on IE. 1999 - 2003.                      :
    Supports: Built-in Pop-up Stopper,                              :
    Flash Animation Filter, Safe Recovery, Skins,                   :
    Built-in Google Search Engine.                                  :
    ======================\\---------------------------------------/
    Overview:             // Buffer overflow in Avant Browser 8.02/
    =====================//______________________________________/
    Local: yes                                                  |
    Remote: yes                                                 |
    1) Crash browser by sending long http request.              o
    Example:                                                    |
    http://AAAAAAA[more 780 chars]                              |
    2) Or at opening of long link.                              |
    Example:                                                    |
    <a href="http://AAA[more 780 chars]">aaa</a>                |
    After that, starting the browser will not be possible.      |
    (even after reinstallation!!!)                              |
    When starting, you see error reports:                       |
    "Access violation at address 77D6318 in module 'USER32.dll' |
    Write of address 011C1000"                                  |
    And also:                                                   |
    "avant.exe has encountered a problem and needs to close."   |
    "Exception EReadError in module avant.exe at 00021AD3.      |
    Error reading cbAddress.Left: Access violation at address   |
    0012D798. Write of address 00000000."                       |
    The buffer overflow occurs when the browser tries to copy   |
    a visited reference into the exchange buffer.               |
    ____________________________________________________________o
    Patch: May be corrected in following versions.              |
    ____________________________________________________________|
    Gr33tZ: ЗАРАЗА, ZeT,euronymous, subj, Zud Team, void.ru,    |
    RusH Team,m00 security,eXploit.ru,LWTeam, F0K Project,      |
    Free-Crew.                                                  |
    ___________________________________________________________//
    Thank You.
    --------------
    For contact:
    e-mail: nimberat_private
    icq: 132614
    web-site: www.zudteam.org 
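
A defensive check for the condition the advisory describes, added here as an example and not part of the original post: it scans HTML for URL attributes whose value is long enough to match the advisory's trigger. The 780-character limit is taken from the advisory's example; the attribute list, the function names and the DNS length checks are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_URL_LEN = 780    # figure from the advisory's example, used as the limit (assumption)
MAX_HOST_LEN = 253   # longest hostname DNS permits
MAX_LABEL_LEN = 63   # longest single DNS label
URL_ATTRS = {"href", "src", "action"}  # attributes checked (assumption)

def url_findings(url):
    """Return the reasons a URL looks like the overlong-URL trigger."""
    reasons = []
    if len(url) > MAX_URL_LEN:
        reasons.append(f"url is {len(url)} chars (limit {MAX_URL_LEN})")
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return reasons + ["authority does not parse"]
    if len(host) > MAX_HOST_LEN:
        reasons.append(f"host is {len(host)} chars (limit {MAX_HOST_LEN})")
    if any(len(label) > MAX_LABEL_LEN for label in host.split(".")):
        reasons.append(f"host label longer than {MAX_LABEL_LEN} chars")
    return reasons

class LinkScanner(HTMLParser):
    """Collect (tag, attribute, line, reasons) for every suspicious URL."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                reasons = url_findings(value.strip())
                if reasons:
                    self.hits.append((tag, name, self.getpos()[0], reasons))

def scan_html(markup):
    """Parse markup and return every flagged URL attribute."""
    scanner = LinkScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.hits

# Constructed sample: one ordinary link, one in the shape the advisory describes.
SAMPLE = ('<a href="http://avantbrowser.com/">vendor</a>\n'
          '<a href="http://' + "A" * 800 + '">aaa</a>\n')

if __name__ == "__main__":
    for tag, attr, line, reasons in scan_html(SAMPLE):
        print(f"line {line}: <{tag} {attr}>: " + "; ".join(reasons))
```

The same `url_findings` check can be applied to request URLs at a proxy or mail gateway before they reach an affected client.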
    


