-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Secure Target Network (Security Advisory February 25, 2004)
Topic: PerfectNav Crashes IE
Discovery Date: February 24, 2004
Link to Original Advisory: http://securetarget.net/advisory.htm
Affected applications and platforms: Microsoft Internet Explorer 6 Service Pack 1 and older versions
Introduction: PerfectNav is designed to redirect your URL typing errors to PerfectNav's web page. It is bundled with the free, ad-supported version of Kazaa Media Desktop 2.6, and is likely to be found in software supplied by eUniverse sites such as thunderdownloads.com, myfreecursors.com, cursorzone.com and mycoolscreen.com. It is likely to slow the performance of Internet Explorer, and its update feature can download and execute arbitrary code as directed by its controlling server.
We all know about hijackers and Browser Helper Objects, and that some of them may hijack your sessions, but what about one that crashes your web browser in the blink of an eye? With PerfectNav installed, Internet Explorer (iexplore.exe) is easily crashed by a malformed URL such as: ? /? … Run “iexplore.exe ?” or type “?” in the IE address bar and you get the error message: “An error has occurred in Internet Explorer. Internet Explorer will now close. If you continue to experience problems, please restart your computer.”
Exploit: Could a bug be easier to exploit than this? Pointing the target at any malformed URL crashes his or her IE.
Workaround: The easiest way to work around this vulnerability is to remove PerfectNav from your computer. For information that may help you prevent this problem from reoccurring, see the link below.
http://www.pestpatrol.com/msperfectnavsupport.asp
If the problem persists, please contact eUniverse.com Inc. and alert them to the problem.
Note: To have PestPatrol automatically detect and remove PerfectNav and its components from your computer, you have to buy PestPatrol!
Tested on: Internet Explorer 6 Service Pack 1 (6.0.2800.1106) on Windows XP Service Pack 1a
Feedback:
Kaveh Mofidi ([EMAIL PROTECTED])
Secure Target Network (Security Consulting/Training Group)
HTTP://SECURETARGET.NET
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBQDyI0WO1siv41icpEQJxTwCcD3Jm+cGYEnZeYpKp/sfL4uDrgzYAoPIz
J+N/cjVVES/OmbDwpAcM9AR3
=Gsby
-----END PGP SIGNATURE-----
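To check a machine before and after applying the workaround above, the following added example (not part of the original advisory) inventories the Browser Helper Objects registered with Internet Explorer and flags any whose name or DLL path contains "PerfectNav". That match string, and the assumption that PerfectNav registers as a BHO, are not taken from the advisory, which gives no CLSID or file name.

```powershell
# Added example: inventory Internet Explorer Browser Helper Objects (BHOs).
# Assumption: a PerfectNav component, if present, registers as a BHO and its
# name or DLL path contains "PerfectNav"; the advisory gives no CLSID.
$pattern = 'PerfectNav'   # assumed match string, not from the advisory

# Standard BHO registration keys (native and 32-bit-on-64-bit registry views).
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoInventory {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid = $key.PSChildName
            # Resolve the CLSID in the registry view that matches the BHO key.
            $classRoot = if ($root -like '*WOW6432Node*') {
                "HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID\$clsid"
            } else {
                "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
            }
            $name = $null; $dll = $null
            if (Test-Path -LiteralPath $classRoot) {
                # GetValue('') reads the key's default value.
                $name = (Get-Item -LiteralPath $classRoot).GetValue('')
                $srv  = "$classRoot\InprocServer32"
                if (Test-Path -LiteralPath $srv) {
                    $dll = (Get-Item -LiteralPath $srv).GetValue('')
                }
            }
            [pscustomobject]@{
                Clsid   = $clsid
                Name    = $name
                Dll     = $dll
                Suspect = ("$name $dll" -match $pattern)
            }
        }
    }
}

$inventory = @(Get-BhoInventory)
$inventory | Format-Table -AutoSize -Wrap
if ($inventory | Where-Object Suspect) {
    Write-Warning "A BHO matching '$pattern' is registered; remove it as the workaround describes."
}
```

A BHO registered without a resolvable CLSID entry shows empty Name and Dll columns and is worth a manual look regardless of the match string.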
