It is possible for a malicious attacker to remotely cause Browsegate to crash with invalid memory errors. DEMONSTRATION An attacker could telnet to port 80, the listening port of Browsegate's HTTP Proxy, and send the following commands; GET / HTTP/1.0 This will cause
brwgate.exe to crash with it's own error handler. Please note that
"(A x 8k)" denotes 8K of characters and " VENDOR RESPONSE According to Delphis, NetCPlus has promptly fixed this issue and issued a patch available from their website. CREDIT |
BrowseGate V2.80 is vulnerable to a DoS attack
0 comments
Hide comments