← Advisories

Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit

High
Advisory ID
ZSL-2008-4895
Release Date
06 September 2008
Vendor
Flock Inc. - http://www.flock.com
Affected Version
1.2.5
CVE
N/A
Tested On
Microsoft Windows XP Professional SP2 (English)
Summary

Flock is a browser. The people here at Flock are committed to building a browser unlike anything you’ve ever experienced before - because we start by focusing on user needs. We take pride in solving for common behaviors on the Web that seem clunky today, and will seem ridiculous tomorrow. We’re taking you there.

Description

Flock is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle unexpected input. Successfully exploiting these issues allows remote attackers to cause the application to freeze, denying service to legitimate users.

Proof of Concept
flock_dos.htmlTXT
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
Special thanks to Gianni Amato
References
[1]http://www.milw0rm.com/exploits/6391
[2]http://www.securityfocus.com/bid/31044
[3]http://www.packetstormsecurity.org/filedesc/flockweb-dos.txt.html
[4]http://www.astalavista.com/index.php?section=exploits&cmd=details&id=6492
[5]http://securityreason.com/exploitalert/4617
[6]http://governmentsecurity.org/forum/?showtopic=29966
[7]http://www.buslab.org/index.php/content/view/256889/2/
[8]http://www.hacker.com.cn/news/view.asp?id=1775
[9]http://www.unix-cn.biz/sh/f14/flock-social-web-browser-1-2-a-12000.html
[10]http://en.securitylab.ru/poc/359028.php
[11]http://it.com.mk/index.php/Gjoko-Krstic/Sigurnost/Flock-Social-Web-Browser-1.2.5-loop-Remote-Denial-of-Service-Exploit
Changelog
06.09.2008Initial release
09.09.2008Added reference [11]