Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow Vulnerability (DoS)

Title: Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow Vulnerability (DoS)
Advisory ID: ZSL-2014-5190
Type: Local/Remote
Impact: DoS
Risk: (3/5)
Release Date: 30.06.2014
Summary
Spark Browser is a free Internet browser with very sharp UIs and cool utilities. It's based on the Chromium technology platform, giving it fast browsing capabilities.
Description
Spark Browser version 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) through a stack overflow triggered by nested calls to the window.print JavaScript function.
Vendor
Baidu, Inc. - http://www.baidu.com
Affected Version
26.5.9999.3511
Tested On
Microsoft Windows 7 Professional SP1 (EN)
Microsoft Windows 7 Ultimate SP1 (EN)
Vendor Status
N/A
PoC
spark_dos.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.com/files/127282
[2] http://www.securityfocus.com/bid/68288
[3] http://osvdb.org/show/osvdb/108605
[4] http://www.exploit-db.com/exploits/33951/
[5] http://cxsecurity.com/issue/WLB-2014070013
[6] http://www.vfocus.net/art/20140701/11614.html
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-5349
Changelog
[30.06.2014] - Initial release
[01.07.2014] - Added reference [1] and [2]
[02.07.2014] - Added reference [3] and [4]
[03.07.2014] - Added reference [5] and [6]
[05.10.2014] - Added reference [7]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk