Secure Target Network (Security Advisory February 25, 2004)
Topic: PerfectNav Crashes IE
Discovery Date: February 24, 2004
Original Advisory
External: Full-Disclosure, BugTraq, Security Tracker, xforce, SANS
Affected applications and platforms:
Microsoft Internet Explorer 6 Service Pack 1 and older versions
Introduction:
PerfectNav is designed to redirect your URL typing errors to PerfectNav’s web page. Bundled with the Free Ad Supported version of Kazaa Media Desktop 2.6. Likely to be found in software supplied by eUniverse sites, such as thunderdownloads.com, myfreecursors.com, cursorzone.com and mycoolscreen.com. Likely to slow performance of Internet Explorer. Can download and execute arbitrary code as directed by its controlling server, as an update feature.
All of us knew about Hijackers/Browser Helper Objects; some of them may hijack your sessions but do you care crashing your web browser by a single blink?
When you use PerfectNav it is easy to crash your Internet Explorer (iexplore.exe) by any malformed URL like any thing you like: ? /? …
Run “iexplore.exe ?” or type “?” in your IE address bar and simply get the error message:
“An error has occurred in Internet Explorer. Internet Explorer will now close. If you continue to experience problems, please restart your computer.”
Exploit:
Easier to exploit than this bug? Just point out any malformed URL on your target and it will be crashing her/his IE.
Workaround:
The easiest way to work around this vulnerability is just removing PerfectNav from your computer. For information that may help you prevent this problem from reoccurring, click on the link below.
http://www.pestpatrol.com/msperfectnavsupport.asp
If the problem persists, please contact eUniverse.com Inc. and alert them of the problem.
Note: To have PestPatrol automatically detect and remove PerfectNav and its components from your computer, you have to buy PestPatrol!
Tested on:
Internet Explorer 6 Service Pack 1 (6.0.2800.1106) on Windows XP Service Pack 1a
Feedback:
Kaveh Mofidi ( Admin (at) SecureTarget [dot] net)
Secure Target Network (Security Consulting/Training Group)