Home page logo

bugtraq logo Bugtraq mailing list archives

Buffer Overflow in WideChapter Browser
From: Bahaa Naamneh <b_naamneh () hotmail com>
Date: 13 Sep 2003 16:32:54 -0000

Buffer Overflow in WideChapter Browser

Advisory Information:
Application: WideChapter Browser 
Vendor Homepage: http://www.widechapter.com
Versions: 3.0 (and earlier versions)
Platforms: Windows (all) 
Severity: High
Date: 12.09.03

"WideChapter is the most powerful multi Chapter multi tab web browser. WideChapter is a stable, fast, user-friendly 
browser. WideChapter gives each web site its own tab! 
WideChapter runs under Windows 98, NT4, ME, 2000 and XP and requires that IE is installed. WideChapter is a standalone 
browser application that uses services provided by Microsoft Internet Explorer to navigate HTML. WideChapter currently 
requires Internet Explorer 5.5/above to be installed on the client computer."

Vulnerability: It is possible to cause a Buffer overflow in WideChapter Browser by sending long http request, allowing 
total modification of the EIP pointer - this can be maliciously altered to allow remote arbitrary code execution.
The vulnerability is due to a lack of boundary condition checks on URL values. 

Vendor Status:
The vendor has been informed, and they are fixing this bug.

Proof of concept Exploit:
[script]window.open(http://AAA.. [Ax517])[/script]

Discovered by/Credit:
Bahaa Naamneh
b_naamneh () hotmail com

  By Date           By Thread  

Current thread:
  • Buffer Overflow in WideChapter Browser Bahaa Naamneh (Sep 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]