Epiri Professional Web Browser 3.0 Remote Crash Exploit
Title: Epiri Professional Web Browser 3.0 Remote Crash Exploit
Advisory ID: ZSL-2009-4923
Type: Local/Remote
Impact: DoS
Risk: (2/5)
Release Date: 30.07.2009
Exploit coded by sm - <sm@zeroscience.mk>
[2] http://www.packetstormsecurity.org/filedesc/epiri-dos.txt.html
[3] http://www.milw0rm.com/exploits/9304
[4] http://sebug.net/exploit/11951
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2009-4923
Type: Local/Remote
Impact: DoS
Risk: (2/5)
Release Date: 30.07.2009
Summary
Epiri Professional 3.0 next generation alternative internet Epiri Professional features with faster internet, digital clarity, the latest technological design and user-focused, impressive, next generation alternative internet program. Microsoft Silverlight needed.Description
Epiri Professional Web Browser suffers from a denial of service vulnerability that crashes the application by typiing one of the 3 vulnerable strings into the address bar ('file://', 'C::' and 'C:AAAA..AAA[257]) or by opening a malicious .vbs script file localy or remotely. Vulnerable Mode: Browse Internet.Vendor
Horizon Software Co. - http://www.horizonum.comAffected Version
3.0.0.00Tested On
Microsoft Windows XP Professional SP3 (English)Vendor Status
N/APoC
epiri_crash.vbsCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>Exploit coded by sm - <sm@zeroscience.mk>
References
[1] http://securityreason.com/exploitalert/6777[2] http://www.packetstormsecurity.org/filedesc/epiri-dos.txt.html
[3] http://www.milw0rm.com/exploits/9304
[4] http://sebug.net/exploit/11951
Changelog
[30.07.2009] - Initial releaseContact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk