Netscape SmartDownload 1.3 - Remote Buffer Overflow

EDB-ID:

20775




Platform:

Windows

Date:

2001-04-13


source: https://www.securityfocus.com/bid/2615/info

Netscape SmartDownload, a download manager add-on for popular web browsers, is vulnerable to a buffer overflow. The library 'sdph20.dll' used by SmartDownload contains an URL parser function that will overflow when a user visits or is redirected to an URL longer than 271 characters.

This overflow, if successfully exploited, allows execution of arbitrary code by an attacker with the privilege level of the currently logged-in user. Under Windows 95/98/Me, this means administrative privileges.

Hosts with SmartDownload installed are vulnerable regardless of whether SmartDownload is enabled. Exploit code is available for this vulnerability. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20775.tar.gz