Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit

Title: Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit
Advisory ID: ZSL-2008-4895
Type: Local/Remote
Impact: DoS
Risk: (4/5)
Release Date: 06.09.2008
Summary
Flock is a browser. The people here at Flock are committed to building a browser unlike anything you’ve ever experienced before - because we start by focusing on user needs. We take pride in solving for common behaviors on the Web that seem clunky today, and will seem ridiculous tomorrow. We’re taking you there.
Description
Flock is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle unexpected input. Successfully exploiting these issues allows remote attackers to cause the application to freeze, denying service to legitimate users.
Vendor
Flock Inc. - http://www.flock.com
Affected Version
1.2.5
Tested On
Microsoft Windows XP Professional SP2 (English)
Vendor Status
N/A
PoC
flock_dos.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
Special thanks to Gianni Amato
References
[1] http://www.milw0rm.com/exploits/6391
[2] http://www.securityfocus.com/bid/31044
[3] http://www.packetstormsecurity.org/filedesc/flockweb-dos.txt.html
[4] http://www.astalavista.com/index.php?section=exploits&cmd=details&id=6492
[5] http://securityreason.com/exploitalert/4617
[6] http://governmentsecurity.org/forum/?showtopic=29966
[7] http://www.buslab.org/index.php/content/view/256889/2/
[8] http://www.hacker.com.cn/news/view.asp?id=1775
[9] http://www.unix-cn.biz/sh/f14/flock-social-web-browser-1-2-a-12000.html
[10] http://en.securitylab.ru/poc/359028.php
[11] http://it.com.mk/index.php/Gjoko-Krstic/Sigurnost/Flock-Social-Web-Browser-1.2.5-loop-Remote-Denial-of-Service-Exploit
Changelog
[06.09.2008] - Initial release
[09.09.2008] - Added reference [11]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk