lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 6 Mar 2005 00:17:47 -0000
From: tal zeltzer <tal@...-security.com>
To: bugtraq@...urityfocus.com
Subject: See-security advisory: Trillian Basic 3.0 PNG Processing Buffer
    overflow




##################################################################
#                                                                #
#               See-security Technologies ltd.                   #
#                                                                #
#                http://www.see-security.com                     #
#                                                                #
##################################################################

[-] Product Information
Trillian is a fully featured, stand-alone, skinnable chat client that supports AIM, ICQ, MSN, Yahoo Messenger, and IRC.

[-] Vulnerability Description
Trillian contains a buffer overflow vulnerability in the way it parse PNG Images

[-] Exploit
Proof of concept exploit code is available at http://www.hackingdefined.com/exploits/trillian3.tar.gz

[-] Exploitation Analysis
When triggering this vulnerability the return address is overwritten
and the ESP register points to user-controlled data
by crafting a malformed structure its possible to execute arbitrary code
The structrue is as follows
[Malformed PNG Header][shellcode][New return address][get back shellcode]

[-] Credits
The vulnerability was discovered and exploited by Tal zeltzer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ