'@stake Security Advisory: Netscape SmartDownload Overflow'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntbugtraq
Subject:    @stake Security Advisory: Netscape SmartDownload Overflow
From:       " () stake advisories" <advisories () ATSTAKE ! COM>
Date:       2001-04-13 20:29:51
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                          @stake, Inc.
                         www.atstake.com

                    Security Advisory Notification


Advisory Name: Netscape SmartDownload Overflow
   Release Date: 04/13/2001
    Application: Netscape SmartDownload 1.3
       Platform: Microsoft Windows
       Severity: An attacker can execute arbitrary code on the system
                 running Smart Download.
      Author(s): Frank Swiderski (fes@atstake.com)
Vendor Status: Vendor has updated version of program
            CVE: CAN-2001-0262
      Reference: www.atstake.com/research/advisories/2001/a041301-1.txt


Overview:

Netscape SmartDownload is a browser plugin that allows users to pause and
resume downloads from the Internet. It can be installed separately, or
when installing Netscape's Communicator. If enabled, SmartDownload can
handle downloads spawned by both Netscape and Microsoft Internet
Explorer, possibly others. However, if SmartDownload was installed and
subsequently "disabled," the system will still be vulnerable to attack.

SmartDownload parses all URLs that the web browser accesses. As part
of the parsing, it copies the file requested using an unbounded string
operation to a buffer on the stack, allowing a classic overwrite of the
saved instruction pointer, and potential execution of malicious code.

Because SmartDownload installs plugins for all browsers it supports by
default (which includes both Netscape Communicator and Microsoft Internet
Explorer), most users who have SmartDownload on their system are vulnerable
to this condition. Because SmartDownload parses all outgoing requests,
the condition can be exploited very easily, and does not always require
the user to click or actively request a link.


Vendor Response:

Vendor has an updated version, SmartDownload 1.4, which addresses this
problem. You can download the latest SmartDownload at:

http://home.netscape.com/download/smartdownload.html


Advisory Reference:

http://www.atstake.com/research/advisories/2001/a041301-1.txt

** The advisory contains additional information. We encourage those
** effected by this issue to read the advisory.
**
** All vulnerablity database maintainers should reference the above
** advisory reference URL to refer to this advisory.


Advisory policy: http://www.atstake.com/research/policy/
For more advisories: http://www.atstake.com/research/advisories/
PGP Key: http://www.atstake.com/research/pgp_key.asc

Copyright 2001 @stake, Inc. All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOtdhPFESXwDtLdMhEQLKFwCcCwKMqwg9iHVz0dkCboEGUwPpfyoAnjdU
k6NqIlrZAgXtUxe3AyEkc5mj
=Pukn
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic