TUCoPS :: Browsers :: bt622.txt

Netscape 7.02 Client Detection Tool plug-in buffer overrun

Advisory name


Netscape 7.02 Client Detection Tool plug-in buffer overrun

Affected software


Netscape 7.02 for Windows

Problem description


Netscape 7.02 (and probably earlier versions) contains Client Detection 

Tool plug-in that handles application/x-cdt Mime type. One of this plug-in 

routines suffers from buffer overrun. To exploit this issue one needs to 

send mail message to victim with attachment that has specifically crafted 

filename and entice the victim to double-click it. When the victim double

clicks the attachment then attacker's code is executed in context of 

victim's user account. Proof-of-concept exploit is published in whitepaper 

"CDT plug-in bug: exploit in ASCII": 


Mitigating factors


Attacker must know OS and length of victim username to exploit this issue.

Also proof-of-concept exploit assumes that user runs Windows with default




Manually remove CDT plug-in (npcdt.dll) from Netscape /components folder 

or upgrade to latest version of the browser that has CDT plug-in removed.

Vendor status


Netscape was notified. Netscape considers this bug as "internal" so no 

patch will be released.

Copyright (c) 2003 Martin Rakhmanov.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH