9 lines
No EOL
810 B
Text
9 lines
No EOL
810 B
Text
source: http://www.securityfocus.com/bid/2615/info
|
|
|
|
Netscape SmartDownload, a download manager add-on for popular web browsers, is vulnerable to a buffer overflow. The library 'sdph20.dll' used by SmartDownload contains an URL parser function that will overflow when a user visits or is redirected to an URL longer than 271 characters.
|
|
|
|
This overflow, if successfully exploited, allows execution of arbitrary code by an attacker with the privilege level of the currently logged-in user. Under Windows 95/98/Me, this means administrative privileges.
|
|
|
|
Hosts with SmartDownload installed are vulnerable regardless of whether SmartDownload is enabled. Exploit code is available for this vulnerability.
|
|
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20775.tar.gz |