Netscape 4.77 Composer Font Face Field Buffer Overflow Vulnerability

2002-06-13T00:00:00
ID EDB-ID:21544
Type exploitdb
Reporter S[h]iff
Modified 2002-06-13T00:00:00

Description

Netscape 4.77 Composer Font Face Field Buffer Overflow Vulnerability. CVE-2002-1766. Dos exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/5010/info

Netscape is a freely available web browser distributed by Netscape Communications, and available for various platforms. This vulnerability is known to affect those installations on the Linux platform.

A buffer overflow has been reported in the Composer function of Netscape. When an HTML page with a Font Face field of arbitrary length is edited using Netscape Composer, a memory corruption bug may occur that could allow the overwriting of process memory, and execution of attacker supplied code. 

<html>
<body>

<font face="X">Hola!</font>

</body>
</html>

where X is indicative of 191 or more characters.