CVE-2001-0700

A remote attacker can exploit this vulnerability by sending a crafted MIME header containing a base64 encoded string exceeding approximately 32 characters in length [ref_id=1]. When the w3m client processes this malformed header, it can lead to a buffer overflow. This overflow may allow the attacker to execute arbitrary code on the user's system [ref_id=1]. The exploit involves a fake HTTP server sending a malicious MIME header to the victim's w3m client [ref_id=1].

The vulnerability lies within the 'w3m' client program, specifically in how it handles base64 encoded strings within MIME header fields. The overflow occurs when processing a string that exceeds approximately 32 characters [ref_id=1]. The provided exploit script targets this by constructing a malicious MIME header with a long base64 encoded string to trigger the buffer overflow [ref_id=1].

The advisory does not specify a patch or provide details on how the vulnerability was fixed. However, it indicates that the vulnerability is present in w3m versions 0.2.1 and earlier. Users are advised to upgrade to a patched version once available. The provided exploit script demonstrates a method to trigger the overflow by sending a long base64 encoded string in a MIME header [ref_id=1].

The provided reference includes a Perl script that acts as a fake HTTP server to deliver the exploit. This script listens on a port, accepts connections from a victim's w3m client, and sends a crafted HTTP response with a malicious MIME header designed to trigger the buffer overflow and execute shellcode [ref_id=1].