Avant Browser Overlong HTTP Request Buffer Overflow Vulnerability

Vulnerability ID: 1107455 Vulnerability type: Buffer overflow
Published: 2003-08-21 Updated: 2007-04-10
CVE ID: CVE-2003-1321 CNNVD-ID: CNNVD-200312-225
Platform: Multiple CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/23050
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-225
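|Vulnerability details
Avant Browser version 8.02 contains a buffer overflow vulnerability. A remote attacker can cause a denial of service (crash) and may be able to execute arbitrary code via an overlong URL in an HTTP request.
|Vulnerability exploit (EXP)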
source: http://www.securityfocus.com/bid/8471/info

It has been reported that a buffer overflow condition exists in the Avant Browser software that may allow an attacker to run arbitrary code on a vulnerable host in order to gain unauthorized access to the system. The vulnerability is due to a lack of boundary condition checks on URL values.

This issue may allow an attacker to run arbitrary code on a host in the context of the user running the vulnerable version of Avant Browser.

http://AAAAAAA[more 780 chars]
<a href="http://AAA[more 780 chars]">aaa</a>
|References

Source: XF
Name: avantbrowser-http-bo(12974)
Link: http://xforce.iss.net/xforce/xfdb/12974
Source: BID
Name: 8471
Link: http://www.securityfocus.com/bid/8471
Source: BUGTRAQ
Name: 20030821 Buffer overflow in Avant Browser 8.02
Link: http://marc.info/?l=bugtraq&m=106150462504484&w=2