News from the Lab: Another week!!

Wednesday, January 11, 2006

Another week!!

Anyways the second week since i started with my blog, glad to quote that i succesfully completed the research on Mailsite. Atlast another of OS2A's advisories, the fourth one infact.
Dissected various dll files of Mailsite, what captured my attention was the wconsole.dll, very unusual a dll file is exposed to the user as it is , initial analysis was a cross-scripting vulnerability in Mailsite which was obvious as the HTML code was embedded in the dll file and whatever script is inserted into the GET request
it is executing in the returning HTMl page response.
Now i downloaded the latest series of Mailsite,(7.0.3) performed the same kind of analysis on the dll files, this time a different observation :-) . Mailsite is not properly sanitizing the input parameters to the GET request
Can you believe what happened?
Yup, a buffer overflow in the HTTPMA service. It causes the svchost process to consume entire cpu cycles
and ultimately crashed the service.A denial of service, the first one of its kind from me.

Contacted the vendor, waiting them to release the fixes, can't wait to get my advisory out.....


Post a Comment

<< Home