Home page logo
/

bugtraq logo Bugtraq mailing list archives

Local / Remote DoS Attack in MERCUR WebView WebMail-Client 1.0 for Windows 98/NT Vulnerability
From: labs () USSRBACK COM (Ussr Labs)
Date: Wed, 15 Mar 2000 13:04:37 -0300


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Local / Remote  DoS Attack in MERCUR WebView WebMail-Client 1.0 for
Windows 98/NT Vulnerability

USSR Advisory Code:   USSR-2000036

Release Date:
March 16, 2000

Systems Affected:
MERCUR WebMail-Client Version 1.0 port (1080)

THE PROBLEM

UssrLabs found a buffer overflow in MERCUR WebView WebMail-Client 1.0
where they
do not use proper bounds checking in the code who handle the GET
commands
The following all result in a Denial of Service against the service
in question.

Example:
http://hostip:1080/mmain.html&mail_user=(buffer)

Where [buffer] is  aprox. 1000 characters. (0)

Binary or source for this Exploit:

http://www.ussrback.com/

Exploit:
the Exploit, crash the remote machine service WebMail

Vendor Status:
informed

Vendor   Url: http://www.atrium-software.com
Program Url: http://www.atrium-software.com/mercur/webview_e.html

Credit: USSRLABS

SOLUTION
Noting yet.

Greetings:
Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and
Wiretrip.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOM+0lKVRYEYcg938EQLq4QCePdgf0R2IJe+Aj6B2vITCMRqXQ0AAoMlG
XqMksVbiVGmBkidwiwwWlSVc
=Aem+
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault