Reported September 18, 2003, by Bahaa Naamneh.

 

 

VERSIONS AFFECTED

 

  • WideChapter Internet Browser for Windows

 

DESCRIPTION

 

<span style="font-family:Verdana">A vulnerability in WideChapter Internet Browser for Windows can result in the execution of arbitrary code on the vulnerable system. By initiating a long HTTP request, an attacker can cause a buffer overflow in WideChapter. This overflow permits modification of the Execution Instruction Point, which lets the attacker execute arbitrary code.</h3>

 

DEMONSTRATION

 

The discoverer posted the following code as proof of concept:

 

By embedding the following JavaScript into a web page: < script>window.open(http://AAA.. \[Ax517\])</script>, it is possible to cause the EIP to overwrite once a user visits the web page.

An exploit for Windows XP Home has created and is available for download from: http://www.elitehaven.net/wcexploit.zip

 

VENDOR RESPONSE

 

<span style="font-family:Verdana"><a href="http://www.widechapter.com" style="color: blue; text-decoration: underline; text-underline: single">WideChapter</a> has been notified.</h3>

 

CREDIT                                                                                                       
Discovered by Bahaa Naamneh.