[12725] in bugtraq

Netscape Communicator 4.7 - Navigator Overflows

daemon@ATHENA.MIT.EDU (Mike Boto)
Fri Nov 26 01:01:24 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.PMDF.3.96.991124141237.538990071A-100000@MAIL.HARTFORD.EDU>
Date:         Wed, 24 Nov 1999 14:15:36 -0500
From: Mike Boto <boto@MAIL.HARTFORD.EDU>
X-To:         bugtraq@securityfocus.com

Netscape Communicator 4.7 - Navigator Overflow

If this has already been posted please let me know.  This is also my first
time submitting something, so if I'm doing something wrong bear with me.

Netscape Navigator for Win95/98 has a hard time with .asp extensions.
I've found that after entering the hexadecimal value 0xAAAAA.... (I put in
800 A's just to be sure) after the http://hostname.com/dosomething.asp?,
Netscape crashes with the following error.

NETSCAPE caused an invalid page fault in
module <unknown> at 0084:41414141.
EAX=00000000 CS=015f EIP=41414141 EFLGS=00010246
EBX=00954c84 SS=0167 ESP=00b486f4 EBP=41414141
ECX=0000003f DS=0167 ESI=000031d2 FS=0fdf
EDX=00b47dd3 ES=0167 EDI=00b4c160 GS=0000
Bytes at CS:EIP:

Stack dump:
41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141
41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141

The user is forced to reboot to get rid of the messagebox (well that's
always how it is with Netscape errors).  It may be possible to execute
arbitrary commands with.
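
Added example, not part of the original post: a crash-triage script that parses the page-fault text quoted above and reports which registers and stack dwords are made up of bytes from the submitted input (ASCII 'A' is 0x41). The function names are hypothetical, and the input is assumed to be the 800 'A' characters the post mentions.

```python
import re

# Page-fault dialog text copied from the post above.
CRASH = """\
NETSCAPE caused an invalid page fault in
module <unknown> at 0084:41414141.
EAX=00000000 CS=015f EIP=41414141 EFLGS=00010246
EBX=00954c84 SS=0167 ESP=00b486f4 EBP=41414141
ECX=0000003f DS=0167 ESI=000031d2 FS=0fdf
EDX=00b47dd3 ES=0167 EDI=00b4c160 GS=0000
Stack dump:
41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141
41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141
"""
SENT = b"A" * 800  # assumption: the query string described in the post

# 32-bit registers only (EAX, EIP, EFLGS, ...); 16-bit segment values are skipped.
REG = re.compile(r"\b(E[A-Z]{2,4})=([0-9a-fA-F]{8})\b")

def parse_registers(text):
    """Return {name: value} for the 32-bit registers in the dialog text."""
    return {name: int(val, 16) for name, val in REG.findall(text)}

def parse_stack(text):
    """Return the dwords listed after the 'Stack dump:' line."""
    _, _, tail = text.partition("Stack dump:")
    return [int(w, 16) for w in re.findall(r"\b[0-9a-fA-F]{8}\b", tail)]

def input_derived(value, sent):
    """True if the four bytes of value appear contiguously in the input."""
    raw = value.to_bytes(4, "little")
    return raw in sent or raw[::-1] in sent

def triage(text, sent):
    """Summarize how much of the crash state came from the input bytes."""
    regs, stack = parse_registers(text), parse_stack(text)
    tainted = sorted(r for r, v in regs.items() if input_derived(v, sent))
    return {
        "tainted_registers": tainted,
        "tainted_stack_dwords": sum(input_derived(w, sent) for w in stack),
        "stack_dwords": len(stack),
        # EIP built from input bytes means a code pointer was overwritten.
        "eip_from_input": "EIP" in tainted,
    }

if __name__ == "__main__":
    print(triage(CRASH, SENT))
```

EBP and EIP both holding input bytes, with the stack around ESP filled with the same pattern, is what an overwritten saved frame pointer and return address look like, which is why a report like this is triaged as memory corruption and not only as a crash.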
