SOAP is an XML-based messaging protocol that defines a set of rules for structuring messages and can be used by web-based applications.
Improper input validation in the SOAPParameter object constructor in Netscape and Mozilla allows execution of arbitrary code.
Credit:
The information has been provided by iDEFENSE Security Labs.
Vulnerable Systems:
* Netscape versions 7.0, 7.1
* Mozilla version 1.6
Immune Systems:
* Mozilla version 1.7.1
CVE Information:
CAN-2004-0722
The SOAPParameter object's constructor contains an integer overflow which allows controllable heap corruption. A web page can be constructed to leverage this into remote execution of arbitrary code. Upon successful exploitation, a remote attacker is able to execute arbitrary code in the context of the user running the browser.
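The bug class described above, shown as an added illustration that is not Mozilla or Netscape code and is not taken from the advisory: a 32-bit size calculation that wraps for a large element count, beside a checked version that rejects it. The slot size, the function names and the sample count are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed per-element size in bytes (hypothetical, fixed for the example). */
#define SLOT_BYTES 16u

/* Unchecked: the 32-bit product wraps, so a huge count yields a tiny size. */
uint32_t unchecked_size(uint32_t count) {
    return (uint32_t)(count * SLOT_BYTES);
}

/* Checked: 0 and *out set on success, -1 if count * SLOT_BYTES overflows. */
int checked_size(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / SLOT_BYTES)
        return -1;
    *out = count * SLOT_BYTES;
    return 0;
}

/* Hardened allocation: reject the count before any buffer exists. */
unsigned char *alloc_slots(uint32_t count) {
    uint32_t bytes;
    unsigned char *p;
    if (count == 0 || checked_size(count, &bytes) != 0)
        return NULL;
    p = malloc(bytes);
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

int main(void) {
    uint32_t count = 0x10000001u; /* constructed sample value */
    unsigned char *p = alloc_slots(count);
    printf("unchecked size for %u slots: %u bytes\n",
           (unsigned)count, (unsigned)unchecked_size(count));
    printf("hardened allocation: %s\n", p ? "allowed" : "rejected");
    free(p);
    return 0;
}
```

A buffer sized by the unchecked result would be far smaller than the element count the rest of the code believes it holds, which is how an integer overflow becomes heap corruption.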
Workaround
One possibility is to disable JavaScript in the browser. However, many sites will then not work properly, since JavaScript is a major part of many websites.
Another alternative is to upgrade to the latest version of the Mozilla browser (1.7.1), which is not vulnerable to this integer overflow.
Disclosure Timeline
01/17/2004 Exploit acquired by iDEFENSE.
03/05/2004 Bug sent to Netscape Security Bug form at http://cgi.netscape.com/cgi-bin/bug-security.cgi
03/05/2004 Bug entered into bugzilla.mozilla.org at http://bugzilla.mozilla.org/show_bug.cgi?id=236618
03/05/2004 iDEFENSE clients notified
07/09/2004 Patch submitted into Mozilla source tree. It can be found at http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c22
08/02/2004 Public disclosure