Home page logo

bugtraq logo Bugtraq mailing list archives

Re: CommonName Toolbar potentially exposes LAN web addresses
From: Andrew Clover <and () doxdesk com>
Date: Fri, 4 Oct 2002 15:35:04 +0000

Eric Stevens <mightye () mightye org> wrote:

Due to a bug in the URL validation done in CommonName Toolbar (in at least
dll version on IE 6), addresses from local intranets may be exposed
to the CommonName organization.

During my tests this also occurred on all TLDs not belonging to
a built-in list in the DLL. This includes for example .edu and .mil
along with the more obscure .gb and .su, and any domains from
alternative root DNS providers.

A more serious issue was that any URLs used in these TLDs got
corrupted on the journey to and back from CommonName's servers,
making it impossible for users of the CommonName software to
access pages whose URLs are more than 72 characters long in any
of these domains. However, I don't believe this is due to an
overflow at the client end; I know of no similar security
issue with this software.

CommonName Ltd. assure me these problems have been fixed in
version of the software, available from commonname.com
now. Indeed I don't see any of these problems any more.
However, I am somewhat concerned to see the new version
includes a Winsock2 Layered Service Provider (a type of
component which various spyware applications have used before,
often causing disastrous network problems), and registers an ActiveX
control under the classid 000000000000-0000-0000-0000-00000000,
which doesn't seem like a good idea either.

even the sneakiest spyware will be unable to install itself on your
system, unless it chooses random locations and file names.

Unfortunately quite a few of these parasites install themselves
in %WinDir%\System32 or %WinDir%\Downloaded Program Files, which
are not so easy to protect!

Andrew Clover
mailto:and () doxdesk com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]