OmniWeb Javascript Alert() Format String Vulnerability

Bugtraq ID:	21911
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 08 2007 12:00AM
Updated:	Jan 11 2007 05:50PM
Credit:	Kevin Finisterre is credited with the discovery of this vulnerability.
Vulnerable:	Omni Group OmniWeb 5.5.1 Omni Group OmniWeb 5.1 Omni Group OmniWeb 5.0.1
Not Vulnerable:	Omni Group OmniWeb 5.5.2

OmniWeb Javascript Alert() Format String Vulnerability

OmniWeb is prone to a remote format-string vulnerability because the application fails to sanitize user-supplied input before passing it to a formatted-output function.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application.

OmniWeb version 5.5.1 (v607.5) running on Mac OS X 10.4.8 is vulnerable to this issue.

OmniWeb Javascript Alert() Format String Vulnerability

The following proof-of-concept exploit is available:

• /data/vulnerabilities/exploits/OmniWeb-exp.txt

OmniWeb Javascript Alert() Format String Vulnerability

Solution:
The vendor has released version 5.5.2 to address this issue. Please see the references for details on obtaining and applying the appropriate updates.


Omni Group OmniWeb 5.0.1

• Omni Group OmniWebEnglish.dmg
  http://www.omnigroup.com/download/latest/OmniWebEnglish.dmg

Omni Group OmniWeb 5.1

• Omni Group OmniWebEnglish.dmg
  http://www.omnigroup.com/download/latest/OmniWebEnglish.dmg

Omni Group OmniWeb 5.5.1

• Omni Group OmniWebEnglish.dmg
  http://www.omnigroup.com/download/latest/OmniWebEnglish.dmg

OmniWeb Javascript Alert() Format String Vulnerability

References:

• OmniWeb 5.5.2 now available and more secure (Omni Group)
  
• DMA[2007-0107a] - 'OmniWeb Javascript Alert Format String Vulnerabiity' (Kevin Finisterre)
  
• MOAB-07-01-2007: OmniWeb Javascript alert() Format String Vulnerability (MOAB)
  
• OmniWeb Product Page (Omni Group)
  
• DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007 (Kevin Finisterre)