Bugtraq mailing list archives
Netscape Communicator 4.7 - Navigator Overflows
From: boto () MAIL HARTFORD EDU (Mike Boto)
Date: Wed, 24 Nov 1999 14:15:36 -0500
Netscape Communicator 4.7 - Navigator Overflow

If this has already been posted please let me know. This is also my first time submitting something, so if I'm doing something wrong bear with me.

Netscape Navigator for Win95/98 has a hard time with .asp extensions. I've found that after entering the hexadecimal value 0xAAAAA.... (I put in 800 A's just to be sure) after the http://hostname.com/dosomething.asp?, Netscape crashes with the following error.

NETSCAPE caused an invalid page fault in
module <unknown> at 0084:41414141.
Registers:
EAX=00000000 CS=015f EIP=41414141 EFLGS=00010246
EBX=00954c84 SS=0167 ESP=00b486f4 EBP=41414141
ECX=0000003f DS=0167 ESI=000031d2 FS=0fdf
EDX=00b47dd3 ES=0167 EDI=00b4c160 GS=0000
Bytes at CS:EIP:

Stack dump:
41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141
41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141

The user is forced to reboot to get rid of the messagebox (well that's always how it is with Netscape errors). It may be possible to execute arbitrary commands with.
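Added example, not part of the original post: a short triage script that parses the fault dialog quoted above and reports which registers and stack words consist only of the input fill byte 0x41 ('A'). The function names, the verdict strings and the reading of EIP and EBP both matching as a stack overrun are assumptions of this example.

```python
import re

# Fault text as quoted in the post (line breaks restored; otherwise unchanged).
FAULT = """\
NETSCAPE caused an invalid page fault in
module <unknown> at 0084:41414141.
Registers:
EAX=00000000 CS=015f EIP=41414141 EFLGS=00010246
EBX=00954c84 SS=0167 ESP=00b486f4 EBP=41414141
ECX=0000003f DS=0167 ESI=000031d2 FS=0fdf
EDX=00b47dd3 ES=0167 EDI=00b4c160 GS=0000
Bytes at CS:EIP:

Stack dump:
41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141
41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141
"""

def parse_fault(text):
    """Split a Win9x page-fault dialog into ({register: value}, [stack dwords])."""
    head, _, tail = text.partition("Stack dump:")
    regs = {name: int(val, 16)
            for name, val in re.findall(r"\b([A-Z]{2,5})=([0-9a-fA-F]+)\b", head)}
    stack = [int(word, 16) for word in re.findall(r"\b[0-9a-fA-F]{8}\b", tail)]
    return regs, stack

def triage(text, fill=ord("A")):
    """Report which registers and stack words consist only of the input fill byte."""
    regs, stack = parse_fault(text)
    pattern = fill * 0x01010101          # 0x41 -> 0x41414141
    tainted = sorted(name for name, val in regs.items() if val == pattern)
    on_stack = sum(1 for word in stack if word == pattern)
    if "EIP" in tainted and "EBP" in tainted:
        # Assumption of this example: both values being replaced is read as a
        # stack buffer overrun reaching the saved frame pointer and return address.
        verdict = "stack overflow: saved EBP and return address overwritten"
    elif "EIP" in tainted:
        verdict = "instruction pointer taken from input"
    else:
        verdict = "fault not attributable to the fill pattern"
    return {"tainted": tainted, "stack_fill": (on_stack, len(stack)), "verdict": verdict}

if __name__ == "__main__":
    for key, value in triage(FAULT).items():
        print(f"{key}: {value}")
```

The same check applied to a crash report from fuzzing or a user bug report separates faults where request data reached the instruction pointer from ordinary null-pointer crashes, which is the distinction that decides how urgently a fix is needed.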