
Netscape GIF Image Netscape Extension 2 Buffer Overflow Vulnerability
 
A new remotely exploitable buffer overflow vulnerability has been discovered in the Netscape browser.
 
The vulnerability was originally reported for Mozilla Firefox by ISS X-Force; its presence in Netscape was reported by Juha-Matti Laurio, IT security researcher, networksecurity.fi.

Description:
The vulnerability allows remote attackers to run arbitrary code via the GIF2.cpp extension. It is used by the browsers Mozilla Firefox, Mozilla Suite, Netscape and K-Meleon, and by the Mozilla Thunderbird e-mail client. A flaw in the way GIF images are processed can be exploited with a GIF image specially crafted for this purpose.
 
Affected versions:
 
Netscape 7.2
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
Netscape 6.2.3
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.4.1) Gecko/20020508 Netscape6/6.2.3
K-Meleon
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041220 K-Meleon/0.9
 
Solutions:
 
Using a different browser, or a different version of the browser, is recommended.
If that is not possible, try the following workaround:
Disable GIF image support:
Edit / Preferences... / Advanced / System: Remove selection from GIF images at 'Windows should use Netscape to open these file type'. Select 'OK' to save changes.
Do not open GIF images from untrusted sources.
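
A gateway-side check in the spirit of the last workaround, as an added example that is not part of the original advisory: it walks a GIF's block structure and flags any NETSCAPE application extension sub-block other than the usual 3-byte looping one (id 1), as well as structurally broken files. The quarantine policy, the function names and the sample bytes are assumptions made for this example, not details taken from the advisory.

```python
import struct

def _after_color_table(pos, packed):
    # A color table of 3 * 2^(N+1) bytes follows when the high bit is set.
    return pos + ((3 << ((packed & 7) + 1)) if packed & 0x80 else 0)

def _sub_blocks(data, pos):
    """Read length-prefixed sub-blocks up to the 0x00 terminator."""
    blocks = []
    while data[pos] != 0:                      # IndexError if the chain is truncated
        size = data[pos]
        if pos + 1 + size > len(data):
            raise ValueError("sub-block runs past end of file")
        blocks.append(data[pos + 1:pos + 1 + size])
        pos += 1 + size
    return blocks, pos + 1

def netscape_findings(data):
    """Return reasons to quarantine a GIF; an empty list means nothing was flagged."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF"]
    findings = []
    pos = _after_color_table(13, data[10])     # skip header, screen descriptor, palette
    try:
        while data[pos] != 0x3B:               # 0x3B is the trailer
            if data[pos] == 0x2C:              # image descriptor, then LZW data
                pos = _after_color_table(pos + 10, data[pos + 9]) + 1
                _, pos = _sub_blocks(data, pos)
            elif data[pos] == 0x21:            # extension: label byte, then sub-blocks
                label = data[pos + 1]
                blocks, pos = _sub_blocks(data, pos + 2)
                if label == 0xFF and blocks and blocks[0][:8] == b"NETSCAPE":
                    for sb in blocks[1:]:
                        if not (len(sb) == 3 and sb[0] == 1):   # only looping is allowed
                            findings.append(f"NETSCAPE sub-block id={sb[0]} len={len(sb)}")
            else:
                raise ValueError(f"unknown block type 0x{data[pos]:02x}")
    except (IndexError, ValueError) as exc:
        findings.append(f"malformed structure: {exc}")
    return findings

def sample_gif(netscape_sub_block):
    """Constructed 1x1 GIF carrying the given NETSCAPE2.0 sub-block (test input only)."""
    return (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + bytes(6)
            + b"\x21\xff\x0bNETSCAPE2.0" + netscape_sub_block + b"\x00"
            + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)
            + b"\x02\x02\x4c\x01\x00" + b"\x3b")
LOOPING = b"\x03\x01\x00\x00"                  # id 1: loop forever
OTHER = b"\x05\x02\x00\x00\x00\x00"            # constructed: id 2, zeroed payload
```

A mail or proxy filter would call `netscape_findings()` on each GIF attachment or response body and hold back anything that returns a non-empty list.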
 

Original Advisory:
http://www.networksecurity.fi/advisories/netscape-gif.html


