Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow Vulnerability (DoS)

Medium
Advisory ID
ZSL-2014-5190
Release Date
30 June 2014
Vendor
Baidu, Inc. - http://www.baidu.com
Affected Version
26.5.9999.3511
Tested On
Microsoft Windows 7 Professional SP1 (EN), Microsoft Windows 7 Ultimate SP1 (EN)
Summary

Spark Browser is a free Internet browser with very sharp UIs and cool utilities. It's based on the Chromium technology platform, giving it fast browsing capabilities.

Description

Spark Browser version 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) resulting in a stack overflow via nested calls to the window.print JavaScript function.

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
30.06.2014 - Initial release
01.07.2014 - Added reference [1] and [2]
02.07.2014 - Added reference [3] and [4]
03.07.2014 - Added reference [5] and [6]
05.10.2014 - Added reference [7]