Full Disclosure mailing list archives

Naviscope - DoS


From: "morning_wood" <se_cur_ity () hotmail com>
Date: Thu, 10 Jul 2003 10:19:20 -0700

------------------------------------------------------------------
          - EXPL-A-2003-013 exploitlabs.com Advisory 013
------------------------------------------------------------------
                         -= Naviscope =-




Donnie Werner
morning_wood () exploitlabs com
July,8 2003



Product:
--------
Naviscope v8.70
http://www.naviscope.com/


Vulnerability(s):
-----------------
1. Local DoS
2. OEM ID Transmission

Reviews:
--------
http://www.naviscope.com/awards.htm


Description of product:
-----------------------
"Naviscope is a powerful Web Accelerator and complete package
 of Internet Tools."

http://www.naviscope.com/dnload.htm



VULNERABILITY / EXPLOIT
=======================
by default Naviscope binds to 0.0.0.0:81

connecting to http://127.0.0.1:81 causes Naviscope to loop, taking CPU
use to 100% and opening up hundreds of connections to itself.

naviscope sets IE to proxy through 127.0.0.1:81 upon execution (by default)
it does not return the browser ( IE ) to its pre-execution default
state, rendering browsing useless until reactivation, or manually
adjusting the proxy setting in IE


it also connects to http://naviscope.com and sends

v=0870&r=00&s=[BAD9]&k=[       ]&exeid=0&FB=1&winser=[WINDOWS-PRODUCTID]

where WINDOWS-PRODUCTID is the value of
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId



Local:
------
yes

Remote:
-------
not verified

Vendor Fix:
-----------
No fix on 0day



Vendor Contact:
---------------
Concurrent with this advisory
feedback () naviscope com

Credits:
--------
Donnie Werner
http://exploitlabs.com

Original Advisory may be read at:
http://exploitlabs.com/files/advisories/EXPL-A-2003-013-naviscope.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
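
The loop described in the advisory arises when a forwarding proxy accepts a request whose target is its own listener. As an added example (not part of the original advisory and not Naviscope code), the check below shows how a proxy can refuse such self-targeted requests before opening an upstream connection. The function name, the local address set and the fail-closed policy are assumptions made for illustration; only the 0.0.0.0:81 listener comes from the advisory.

```python
import ipaddress
from urllib.parse import urlsplit

# Listener port from the advisory (Naviscope binds to 0.0.0.0:81).
LISTEN_PORT = 81
# Constructed sample values: addresses and names this host answers to.
LOCAL_ADDRESSES = {"127.0.0.1", "192.168.1.20"}
LOCAL_NAMES = {"localhost"}


def targets_self(request_url, listen_port=LISTEN_PORT,
                 local_addrs=LOCAL_ADDRESSES, local_names=LOCAL_NAMES):
    """Return True if forwarding request_url would connect back to this proxy.

    Hypothetical guard: a proxy bound to 0.0.0.0 is reachable on every local
    address, so loopback, the unspecified address and each interface address
    all count as "self" when the port matches the listener.
    """
    parts = urlsplit(request_url)
    host = (parts.hostname or "").rstrip(".").lower()
    try:
        port = parts.port
    except ValueError:
        return True  # malformed port: fail closed and refuse to forward
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port != listen_port:
        return False
    if host in local_names:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: a real proxy must resolve it and re-run this check on
        # every returned address before connecting.
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # treat ::ffff:127.0.0.1 like 127.0.0.1
    return ip.is_loopback or ip.is_unspecified or str(ip) in local_addrs


if __name__ == "__main__":
    for url in ("http://127.0.0.1:81/", "http://www.naviscope.com/"):
        print(url, "-> refuse" if targets_self(url) else "-> forward")
```

A proxy using this guard would answer a self-targeted request with an error instead of forwarding it, which removes the recursion that drives CPU use and connection count up.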

