[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAY8-F53G38XMICFszK00066d37@hotmail.com>
Date: Thu, 08 Jan 2004 17:42:52 +0000
From: "Santos Rayes" <santosreyes2001@...mail.com>
To: trihuynh@...up.com
Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com,
bugs@...uritytracker.com, news@...uriteam.com, vuln@...unia.com
Subject: Re: Yahoo Instant Messenger Long Filename Downloading Buffer Overflow
On Thu, Jan 08, 2004 at 03:38:43AM -0800, Tri Huynh wrote:
>
> VULNERABLE VERSIONS: 5.6.0.1351 and below
>
>For a fast demonstration, you can create a file like this
> "test<insert around 210 spaces here>.jpg" and send it to
> another user and ask her to download it.
can't reproduce this. have 1351 and 1347 and transfers don't
progress between them when name is more than 193 characters.
there was maybe an adjustment of the server but those versions
don't seem vulnerable either.
santos
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists