Netscape SmartDownload 1.3 - Buffer Overflow Vulnerability

2001-04-13T00:00:00
ID EDB-ID:20775
Type exploitdb
Reporter Craig Davison
Modified 2001-04-13T00:00:00

Description

Netscape SmartDownload 1.3 Buffer Overflow Vulnerability. CVE-2001-0262. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/2615/info

Netscape SmartDownload, a download manager add-on for popular web browsers, is vulnerable to a buffer overflow. The library 'sdph20.dll' used by SmartDownload contains an URL parser function that will overflow when a user visits or is redirected to an URL longer than 271 characters.

This overflow, if successfully exploited, allows execution of arbitrary code by an attacker with the privilege level of the currently logged-in user. Under Windows 95/98/Me, this means administrative privileges.

Hosts with SmartDownload installed are vulnerable regardless of whether SmartDownload is enabled. Exploit code is available for this vulnerability. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/20775.tar.gz