############################################################################## # # Mozilla Browser Vcard Handling Remote Buffer Overflow Vulnerability # # Copyright: OS2A and it's member companies # # Date Written: 2005/05/19 # # $Revision: 1.4 $ # # $Log: os2a_mozilla_vcard_600006.nasl,v $ # Revision 1.4 2006/03/08 07:08:46 schandan # Issue #319 # Modified description part. # # Revision 1.3 2006/03/08 03:42:25 schandan # Issue #319 # Modification done in regex. # # ------------------------------------------------------------------------ # This program was written by OS2A and/or it's member companies and is # licensed under the GNU GPL license. Please see below for details. This # header contains information regarding licensing terms under the GPL, and # information regarding obtaining source code from the Author. Consequently, # pursuant to section 3(c) of the GPL, you must accompany the information # found in this header with any distribution you make of this Program. # ------------------------------------------------------------------------ ############################################################################## if(description) { script_id(600006); script_bugtraq_id(11174); script_cve_id("CVE-2004-0903"); script_copyright(english:"Copyright (C) 2005 OS2A"); script_version("$Revision: 1.4 $"); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); name["english"] = "Mozilla Browser Vcard Handling Remote Buffer Overflow Vulnerability"; script_name(english:name["english"]); summary["english"] = "Checks for Vulnerable versions of Firefox (< 1.0 PR), Thunderbird (< 0.8), Mozilla Suite ( < 1.7.3) ands Netscape ( < = 7.2)" ; script_summary(english:summary["english"]); desc["english"] =" Overview : Mozilla Mail contains a vulnerability in the display routines for VCards. By sending an email message with a crafted VCard, a remote attacker may be able to execute arbitrary code on the victim's machine. Impact : A remote attacker may be able to execute arbitrary code on the victim machine with the privileges of the current user. Software affected : Firefox versions prior to Preview Release. Mozilla versions prior to 1.7.3. Thunderbird versions prior to 0.8. Netscape versions 7.2 and prior. Platforms affected : Any system running the affected software. Solution : This vulnerability is resolved in Firefox Preview Release, Mozilla 1.7.3 and Thunderbird 0.8 Update to Firefox Preview Release or later, http://www.mozilla.com/firefox/ Update to Mozilla 1.7.3 or later, http://www.mozilla.org/products/mozilla1.x/ Update to Thunderbird 0.8 or later, http://www.mozilla.com/thunderbird/ Mozilla recommends the following workaround : Disable in-line display of attachments, don't open VCard attachments. References : http://xforce.iss.net/xforce/xfdb/17380 Risk factor : High"; script_description(english:desc["english"]); script_dependencies("mozilla_firefox_code_exec.nasl", "smb_hotfixes.nasl", "visionael_modal_dlg_spoof_300008.nasl"); exit(0); } if(!get_kb_item("SMB/WindowsVersion")){ exit(0); } mozilla_version = get_kb_item("Mozilla/Version"); if(mozilla_version) { if(ereg(pattern:"^(0\..*|1\.([0-6](\..*)?|7(\.[0-2])?))($|[^.0-9])", string:mozilla_version)) { security_hole(0); exit(0); } } firefox_version = get_kb_item("Mozilla/Firefox/Version"); if(firefox_version) { if(ereg(pattern:"^(0\..*)", string:firefox_version)) { security_hole(0); exit(0); } } thunderbird_version = get_kb_item("Mozilla/ThunderBird/Version"); if(thunderbird_version) { if(ereg(pattern:"^(0\.[0-7]([^0-9].*)?)$", string:thunderbird_version)) { security_hole(0); exit(0); } } netscape_version = get_kb_item("Netscape/Version"); if(netscape_version) { if(ereg(pattern:"^([0-6]\..*|7\.([0-1](\..*)?|2))($|[^.0-9])", string:netscape_version)){ security_hole(0); } }