SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   PerfectNav Vendors:   PerfectNav.com
PerfectNav Malformed URL Bug Lets Remote Users Crash the Browser
SecurityTracker Alert ID:  1009218
SecurityTracker URL:  http://securitytracker.com/id/1009218
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 26 2004
Impact:   Denial of service via network
Exploit Included:  Yes  

Description:   A denial of service vulnerability was reported in the PerfectNav search plug-in. A remote user can cause a target user's Internet Explorer (IE) browser to crash.

Kaveh Mofidi of Secure Target Network reported that a remote user can create a specially crafted and malformed URL that, when loaded by the target user, will cause the target user's Microsoft IE browser to crash.

Impact:   A remote user can cause a target user's browser to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  search.perfectnav.com/index.cfm?source=perfectnav&action=about (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-Disclosure] PerfectNav Crashes IE


This is a multi-part message in MIME format.

------=_NextPart_000_0003_01C3FC4D.83B67500
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

Secure Target Network (Security Advisory February 25, 2004)

Topic: PerfectNav Crashes IE

Discovery Date: February 24, 2004

Link to Original Advisory: http://securetarget.net/advisory.htm

 

Affected applications and platforms:

Microsoft Internet Explorer 6 Service Pack 1 and older versions

 

Introduction:

PerfectNav is designed to redirect your URL typing errors to

PerfectNav's web page. Bundled with the Free Ad Supported version of

Kazaa Media Desktop 2.6. Likely to be found in software supplied by

eUniverse sites, such as thunderdownloads.com, myfreecursors.com,

cursorzone.com and mycoolscreen.com. Likely to slow performance of

Internet Explorer. Can download and execute arbitrary code as

directed by its controlling server, as an update feature.

All of us knew about Hijackers/Browser Helper Objects; some of them

may hijack your sessions but do you care crashing your web browser by

a single blink?

When you use PerfectNav it is easy to crash your Internet Explorer

(iexplore.exe) by any malformed URL like any thing you like: ? /? .

Run "iexplore.exe ?" or type "?" in your IE address bar and simply

get the error message:

"An error has occurred in Internet Explorer. Internet Explorer will

now close. If you continue to experience problems, please restart

your computer."

 

Exploit:

Easier to exploit than this bug? Just point out any malformed URL on

your target and it will be crashing her/his IE.

 

Workaround:

The easiest way to work around this vulnerability is just removing

PerfectNav from your computer. For information that may help you

prevent this problem from reoccurring, click on the link below.

http://www.pestpatrol.com/msperfectnavsupport.asp

If the problem persists, please contact eUniverse.com Inc. and alert

them of the problem.

Note: To have PestPatrol automatically detect and remove PerfectNav

and its components from your computer, you have to buy PestPatrol!

 

Tested on:

Internet Explorer 6 Service Pack 1 (6.0.2800.1106) on Windows XP

Service Pack 1a

 

Feedback:

Kaveh Mofidi (Admin@SecureTarget.Net)

Secure Target Network (Security Consulting/Training Group)

HTTP://SECURETARGET.NET

 

-----BEGIN PGP SIGNATURE-----

Version: PGP 8.0.2

 

iQA/AwUBQDyI0WO1siv41icpEQJxTwCcD3Jm+cGYEnZeYpKp/sfL4uDrgzYAoPIz

J+N/cjVVES/OmbDwpAcM9AR3

=Gsby

-----END PGP SIGNATURE-----


------=_NextPart_000_0003_01C3FC4D.83B67500
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered)">

<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0mm;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
span.emailstyle17
	{font-family:Arial;
	color:windowtext;}
span.EmailStyle18
	{font-family:Arial;
	color:navy;}
@page Section1
	{size:612.0pt 792.0pt;
	margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
	{page:Section1;}
-->
</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>-----BEGIN PGP SIGNED MESSAGE-----</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Hash: SHA1</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Secure Target Network (Security Advisory February 25, =
2004)</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Topic: PerfectNav Crashes IE</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Discovery Date: February 24, 2004</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Link to Original Advisory:
http://securetarget.net/advisory.htm</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Affected applications and =
platforms:</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Microsoft Internet Explorer 6 Service Pack 1 and =
older
versions</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Introduction:</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>PerfectNav is designed to redirect your URL typing =
errors to</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>PerfectNav's web page. Bundled with the Free Ad =
Supported
version of</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Kazaa Media Desktop 2.6. Likely to be found in =
software
supplied by</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>eUniverse sites, such as thunderdownloads.com,
myfreecursors.com,</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>cursorzone.com and mycoolscreen.com. Likely to slow
performance of</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Internet Explorer. Can download and execute arbitrary =
code
as</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>directed by its controlling server, as an update =
feature.</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>All of us knew about Hijackers/Browser Helper =
Objects; some
of them</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>may hijack your sessions but do you care crashing =
your web
browser by</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>a single blink?</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>When you use PerfectNav it is easy to crash your =
Internet
Explorer</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>(iexplore.exe) by any malformed URL like any thing =
you like:
? /? &#8230;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Run &#8220;iexplore.exe ?&#8221; or type =
&#8220;?&#8221; in
your IE address bar and simply</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>get the error message:</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&#8220;An error has occurred in Internet Explorer. =
Internet
Explorer will</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>now close. If you continue to experience problems, =
please
restart</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>your computer.&#8221;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Exploit:</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Easier to exploit than this bug? Just point out any
malformed URL on</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>your target and it will be crashing her/his =
IE.</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Workaround:</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>The easiest way to work around this vulnerability is =
just
removing</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>PerfectNav from your computer. For information that =
may help
you</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>prevent this problem from reoccurring, click on the =
link
below.</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>http://www.pestpatrol.com/msperfectnavsupport.asp</spa=
n></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>If the problem persists, please contact eUniverse.com =
Inc.
and alert</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>them of the problem.</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Note: To have PestPatrol automatically detect and =
remove
PerfectNav</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>and its components from your computer, you have to =
buy
PestPatrol!</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Tested on:</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Internet Explorer 6 Service Pack 1 (6.0.2800.1106) on
Windows XP</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Service Pack 1a</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Feedback:</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
 font-family:Arial'>Kaveh Mofidi</span></font><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'> =
(Admin@SecureTarget.Net)</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Secure Target Network (Security Consulting/Training =
Group)</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>HTTP://SECURETARGET.NET</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>-----BEGIN PGP SIGNATURE-----</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Version: PGP 8.0.2</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>iQA/AwUBQDyI0WO1siv41icpEQJxTwCcD3Jm+cGYEnZeYpKp/sfL4u=
DrgzYAoPIz</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>J+N/cjVVES/OmbDwpAcM9AR3</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>=3DGsby</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>-----END PGP SIGNATURE-----</span></font></p>

</div>

</body>

</html>

------=_NextPart_000_0003_01C3FC4D.83B67500--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC