CVE-2004-0722

Mozilla < 1.6 and Netscape Navigator 7.0-7.1 - Remote Code Execution via SOAPParameter Integer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0722. PoCs published by zen-parse.

AI-analyzed exploit summary This exploit leverages an integer overflow in the SOAPParameter object constructor in Mozilla and Netscape browsers. By creating an excessively large array and passing it to the SOAPParameter constructor, it corrupts heap memory, potentially leading to remote code execution.

Description

Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by zen-parse · textdoslinux

https://www.exploit-db.com/exploits/24346

View Code ZIP pw:eip

This exploit leverages an integer overflow in the SOAPParameter object constructor in Mozilla and Netscape browsers. By creating an excessively large array and passing it to the SOAPParameter constructor, it corrupts heap memory, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Mozilla prior to 1.7.1, Netscape 7.0, 7.1

No auth needed

Prerequisites: Victim must visit a malicious web page using a vulnerable browser

MITRE ATT&CK