Netscape SmartDownload 1.3 - Buffer Overflow Vulnerability

ID EDB-ID:20775
Type exploitdb
Reporter Craig Davison
Modified 2001-04-13T00:00:00


Netscape SmartDownload 1.3 Buffer Overflow Vulnerability. CVE-2001-0262. Remote exploit for windows platform


Netscape SmartDownload, a download manager add-on for popular web browsers, is vulnerable to a buffer overflow. The library 'sdph20.dll' used by SmartDownload contains an URL parser function that will overflow when a user visits or is redirected to an URL longer than 271 characters.

This overflow, if successfully exploited, allows execution of arbitrary code by an attacker with the privilege level of the currently logged-in user. Under Windows 95/98/Me, this means administrative privileges.

Hosts with SmartDownload installed are vulnerable regardless of whether SmartDownload is enabled. Exploit code is available for this vulnerability.