| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050306001747.17230.qmail@www.securityfocus.com>
Date: 6 Mar 2005 00:17:47 -0000
From: tal zeltzer <tal@...-security.com>
To: bugtraq@...urityfocus.com
Subject: See-security advisory: Trillian Basic 3.0 PNG Processing Buffer
overflow
##################################################################
# #
# See-security Technologies ltd. #
# #
# http://www.see-security.com #
# #
##################################################################
[-] Product Information
Trillian is a fully featured, stand-alone, skinnable chat client that supports AIM, ICQ, MSN, Yahoo Messenger, and IRC.
[-] Vulnerability Description
Trillian contains a buffer overflow vulnerability in the way it parse PNG Images
[-] Exploit
Proof of concept exploit code is available at http://www.hackingdefined.com/exploits/trillian3.tar.gz
[-] Exploitation Analysis
When triggering this vulnerability the return address is overwritten
and the ESP register points to user-controlled data
by crafting a malformed structure its possible to execute arbitrary code
The structrue is as follows
[Malformed PNG Header][shellcode][New return address][get back shellcode]
[-] Credits
The vulnerability was discovered and exploited by Tal zeltzer
Powered by blists - more mailing lists