SecurityTracker.com
SecurityTracker
Archives
Category: Application (Web Browser) > NetCaptor
Vendors: stilesoft inc.
NetCaptor Lets Remote Users Spoof JavaScript Dialog Boxes
SecurityTracker Alert ID: 1014265
SecurityTracker URL: http://securitytracker.com/id/1014265
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jun 22 2005
Impact: Disclosure of user information, Modification of user information
Exploit Included: Yes
Version(s): 7.5.4.1429
Description: Juha-Matti Laurio reported a vulnerability in NetCaptor. A remote user can spoof JavaScript dialog boxes.

The browser displays JavaScript dialog boxes (alert, confirm and prompt) without indicating which site opened them. As a result, a remote user can create HTML that causes a dialog box to appear while the user is viewing a trusted site, so the dialog appears to originate from that trusted site and any text the user types into it is sent to the remote user's page instead.

A demonstration exploit is available at:

http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/

The vendor was notified on June 22, 2005.

Jakob Balle of Secunia Research originally discovered this type of vulnerability, affecting a variety of browsers.

Impact: A remote user can spoof JavaScript dialog boxes.
Solution: No solution was available at the time of this entry.
Vendor URL: www.netcaptor.com/
Cause: State error
Underlying OS: Windows (Any)

Message History:   None.


Source Message Contents

Subject:  New NetCaptor Browser Dialog Origin Spoofing Vulnerability


The newest NetCaptor Browser version 7.5.4 (released 2/18/2005) is
confirmed as affected by the new remote-type Multiple Browsers Dialog
Origin Vulnerability. Tests were done with the Secunia test page
http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/ .

Result:
The result was similar to that seen when tested with fully patched
Microsoft Internet Explorer 6.0 including the cumulative Microsoft June
security update MS05-025. The issue was tested with Windows XP
Professional US and default browser settings were in use. The AI RoboForm
password manager plugin was not installed on the system.
The opened Script Prompt asking for 'password' in this test doesn't show
the origin URL of the dialog box. This enables spoofing-type attacks.

A JavaScript dialog box (in fact, JScript) was displayed in front of the
Google.com web site without information about its origin URL and/or
domain name.
The typed text appeared in the generated 'You entered:' JScript dialog box.

From the vendor:
"NetCaptor is the most powerful web browser on the planet! Other 
browsers only show one page at a time or squish them together in an 
overlapping mess. NetCaptor gives each web site its own tab!"

- Solution status:
Unpatched

Software:
NetCaptor 7.x

- Affected versions:
The vulnerability has been reported in version 7.5.4 Personal Edition.
Other versions may also be affected. The exact file version checked was
7.5.4.1429. The UserAgent string was Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1; NetCaptor 7.5.4).
The commercial version NetCaptor Pro was not tested by the researcher.

Vendor:
Stilesoft Inc.

Vendor Home Page:
http://www.netcaptor.com/

- Download link for version tested:
http://www.netcaptor.com/download.php

- Solution:
Do not browse untrusted web sites when browsing trusted sites.

The vendor was contacted on 22nd June, 2005 and a workaround was included
in the report.

This issue was assigned as SA15491, FrSIRT/ADV-2005-0820, X-Force
ID 21070, SecWatch ID 1010894 etc. when writing this report.

Timeline:
21-06-2005 - Vulnerability researched
22-06-2005 - Detailed discovery
22-06-2005 - Vendor contacted, workaround offered to the vendor
22-06-2005 - Security companies and several CERT units contacted

The vendor's recent company and contact information was submitted to the
Open Source Vulnerability Database's (OSVDB) Vendor Dictionary and to
several commercial security companies providing vendor databases, to help
customers report security issues in Stilesoft products.


Best regards,
Juha-Matti Laurio, Networksecurity.fi
Security researcher
Finland
http://www.networksecurity.fi

Copyright 2021, SecurityGlobal.net LLC