


Category:   Application (Multimedia)  >   webcamXP
Vendors:   Darkwet Network
WebcamXP Lets Remote Users Redirect Chat Sessions and Deny Service
SecurityTracker Alert ID:  1013753
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 18 2005
Impact:   Denial of service via network, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.16.468 and prior versions
Description:   Some vulnerabilities were reported in WebcamXP. A remote user can redirect chat users to arbitrary locations. A remote user can also deny service to the chat feature.

A remote user can enter specially crafted HTML code into a chat name to cause the target user's chat session to be redirected. A demonstration exploit is provided:

<iframe src=""></iframe>

A remote user can also submit a long username (128 characters or more) to cause the chat window on the target user's browser to be displaced from the available window space, making the chat session unusable.

The vendor was notified on April 15, 2005.

Donnie Werner reported this vulnerability.

Impact:   A remote user can redirect the target user's chat session to an arbitrary location.

A remote user can render the target user's chat session unusable.

Solution:   The vendor has released a fixed version (2.16.478), available at:

Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (Any)
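
The input validation error named above comes down to a chat name that is neither length-checked nor encoded before it is written into other users' pages. The following is an added example, not webcamXP code and not the vendor's fix (which the advisory does not describe); the 32-character cap, the allowed character set and all function names are assumptions.

```javascript
// Added example: hypothetical chat-name handling, not code from webcamXP.
const MAX_NAME_LEN = 32; // assumed cap, well below the 128 characters in the advisory
const NAME_PATTERN = /^[\p{L}\p{N} _.\-]+$/u; // assumed allow-list: letters, digits, space, _ . -

// Encode the HTML metacharacters so a value is rendered as text, never as markup.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Input side: reject names that are too long or fall outside the allow-list.
function validateChatName(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not-a-string" };
  const name = raw.normalize("NFC").trim();
  if (name.length === 0) return { ok: false, reason: "empty" };
  // Count code points, not UTF-16 units, so the cap matches what is displayed.
  if ([...name].length > MAX_NAME_LEN) return { ok: false, reason: "too-long" };
  if (!NAME_PATTERN.test(name)) return { ok: false, reason: "illegal-characters" };
  return { ok: true, name };
}

// Output side: always encode, even for names that passed validation, so a
// gap in the input check cannot turn a name into markup in another user's page.
function renderChatLine(name, message) {
  return `<li><span class="nick">${escapeHtml(name)}</span>: ${escapeHtml(message)}</li>`;
}

// Constructed inputs: the advisory's demonstration string, a 128-character
// name, and an ordinary name.
const samples = ['<iframe src=""></iframe>', "A".repeat(128), "viewer_01"];
for (const s of samples) {
  console.log(JSON.stringify(s.slice(0, 24)), validateChatName(s));
}
```
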

Message History:   None.

 Source Message Contents

Subject:  [0day] WebcamXP

-= 0day - Freedom of Voice - Freedom of Choice =-

     - EXPL-A-2005-005 Advisory 034 -
                        - WebcamXP -

webcamXP is one of the most popular webcam software for private
and professional use. It offers unique features and unequaled
ease of use to let you broadcast / manage your video sources or
secure your company with up to 10 video sources per computer.

webcamXP PRO v2.16.468 and below

A vulnerability in WebcamXP allows malicious attackers to redirect
chat users login to any URL they wish. This allows the attacker to
force the chat users to the site of the attacker's choosing.

By submitting a long user name in chat, an attacker can render the
chat feature unusable in that the chat is pushed off of the frame
rendering the chatbox useless.

enter into chat name any XSS like <iframe
all users are redirected to the iframe url, including those chatting via the page.

enter a username of extreme length. ( A x 128 )
the chatbox is moved over to give space to the username.
( does not affect those viewing via the page. )

Vendor contacted April 15, 2005
Patch / Update released April 18, 2005
webcamXP PRO v2.16.478

This vulnerability was discovered and researched by
Donnie Werner of

Donnie Werner

0day mailing list

