Buffer Overflow in WideChapter Browser

Advisory Information:

=====================

Application: WideChapter Browser

Vendor Homepage: http://www.widechapter.com

Versions: 3.0 (and earlier versions)

Platforms: Windows (all)

Severity: High

Date: 12.09.03

Introduction:

=============

"WideChapter is the most powerful multi Chapter multi tab web browser. WideChapter is a stable, fast, user-friendly browser. WideChapter gives each web site its own tab!

WideChapter runs under Windows 98, NT4, ME, 2000 and XP and requires that IE is installed. WideChapter is a standalone browser application that uses services provided by Microsoft Internet Explorer to navigate HTML. WideChapter currently requires Internet Explorer 5.5/above to be installed on the client computer."

Details:

========

Vulnerability: It is possible to cause a Buffer overflow in WideChapter Browser by sending long http request, allowing total modification of the EIP pointer - this can be maliciously altered to allow remote arbitrary code execution.

The vulnerability is due to a lack of boundary condition checks on URL values.

Vendor Status:

==============

The vendor has been informed, and they are fixing this bug.

Proof of concept Exploit:

=========================

[script]window.open(http://AAA.. [Ax517])[/script]

Discovered by/Credit:

=====================

Bahaa Naamneh

b_naamneh (at) hotmail (dot) com [email concealed]

www.bsecurity.tk

[ reply ]