Dillo Interface Message Format String Vulnerability
BID:12203
CVE-2005-12 |Info
Dillo Interface Message Format String Vulnerability
| Bugtraq ID: | 12203 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0012 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 09 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | Discovery is credited to Tavis Ormandy. |
| Vulnerable: |
Dillo Dillo Web Browser 0.8.3 Dillo Dillo Web Browser 0.8.2 Dillo Dillo Web Browser 0.8.1 Dillo Dillo Web Browser 0.8 Dillo Dillo Web Browser 0.7.3 Dillo Dillo Web Browser 0.7.2 Dillo Dillo Web Browser 0.7.1 .2 Dillo Dillo Web Browser 0.7.1 Dillo Dillo Web Browser 0.7 Dillo Dillo Web Browser 0.6.6 Dillo Dillo Web Browser 0.6.5 Dillo Dillo Web Browser 0.6.4 Dillo Dillo Web Browser 0.6.3 Dillo Dillo Web Browser 0.6.2 Dillo Dillo Web Browser 0.6.1 Dillo Dillo Web Browser 0.6 Dillo Dillo Web Browser 0.5.1 Dillo Dillo Web Browser 0.4 Dillo Dillo Web Browser 0.3.1 Dillo Dillo Web Browser 0.3 Dillo Dillo Web Browser 0.2.4 Dillo Dillo Web Browser 0.2.3 Dillo Dillo Web Browser 0.2.2 Dillo Dillo Web Browser 0.2.1 Dillo Dillo Web Browser 0.2 |
| Not Vulnerable: | |
Discussion
Dillo Interface Message Format String Vulnerability
Dillo Web browser is prone to a format string vulnerability. This issue is exposed when the browser handles messages to the interface.
The vulnerability may be triggered when a user visits a malicious Web page. If successfully exploited, this will result in execution of arbitrary code in the context of the client user.
Dillo Web browser is prone to a format string vulnerability. This issue is exposed when the browser handles messages to the interface.
The vulnerability may be triggered when a user visits a malicious Web page. If successfully exploited, this will result in execution of arbitrary code in the context of the client user.
Exploit / POC
Dillo Interface Message Format String Vulnerability
The following example was provided to demonstrate how this issue may be triggered within a malicious Web page:
<base href="file:/"><img src="%x%x%x">
The following example was provided to demonstrate how this issue may be triggered within a malicious Web page:
<base href="file:/"><img src="%x%x%x">
Solution / Fix
Dillo Interface Message Format String Vulnerability
Solution:
Gentoo has released advisory GLSA 200501-11 to provide updates for this issue. Updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/dillo-0.8.3-r4"
Solution:
Gentoo has released advisory GLSA 200501-11 to provide updates for this issue. Updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/dillo-0.8.3-r4"
References
Dillo Interface Message Format String Vulnerability
References:
References: