Download Accelerator Pro - Bug Testing

From: Auriemma Luigi (kaino3at_private)
Date: Wed Apr 18 2001 - 20:32:54 PDT

Next message: Boris Gentleman Schauerte: "Possible Overflow in ping, Linux?"

Previous message: Jarno Huuskonen: "Re: gftp exploitable?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Download Accelerator Pro is one of the most popoular and downloded
software for accelerate the files dowload.
It is an eccellent product, and I want to signal some little strange
things that I have seen in it.
I am testing the last version of DAP (4.3.02) on all the Microsoft
operative systems; these are the "strange things":

--------------------------------------------------
1) Win9x UNICODE

If we try to download a file (is the same if it exist or not) that contain
an unicode char in it (%01, %02, ...) the web browser, where DAP is
implemented for the files download, freeze it; if we go in the DAP window
program (that stay in system tray and DON'T alert the user with a window
on top), we can see the message "Internal Application Error", and the
download file is NOT reported on the download files list. When we close
this alert window, the browser
If we retry to download the same file, the download window open and we
will receive the following alert message:

---
Microsoft Visual C++ Runtime Library
Runtime Error!
Program C:\Program Files\DAP\DAP.EXE
abnormal program termination
---

After some seconds DAP kill itself and it DON'T report the download in its
file list.

Instead if we try to download other files with the unicode char in them,
DAP will alert with "Internal Application Error", and ONLY with 2 dowloads
of the same files DAP kill itself.

These are some examples that we can insert in IE or Netscape or in DAP:

1)http://127.0.0.1/%01.zip
2)http://127.0.0.1/test%03.mp3
3)http://host.com/%04test.exe
4)http://host.com/test%01%03%08test.mpg

ONLY SOME of the unicode chars are vulnerable.
--------------------------------------------------


--------------------------------------------------
2) WinNT/2k long filename

If we try to insert the following string in our browser, DAP give the SAME
errors as the "Win9x UNICODE" (first internal error, and after the
VisualC++ error with kill) :
http://127.0.0.1/aaaaaaa(until we arrive at the end).zip
--------------------------------------------------

I think that the problem is the Visual C++ library, as I can see from the
errors.
I will be very happy if someone want to help me in this bug study.
I have NOT report the thing at Speedbit because it is only a bug study,
nothing is definite.

Thanks

Next message: Boris Gentleman Schauerte: "Possible Overflow in ping, Linux?"
Previous message: Jarno Huuskonen: "Re: gftp exploitable?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 18 2001 - 21:14:58 PDT