lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: lists at domain-logic.com (Randall Perry)
Subject: GAIM exploit

Platform: Windows (tested only on XP and 2000, might impact others)
Application: GAIM v1.1.3
Synopsis: Cause remote crash of GAIM client.
Scenario:

By sending a file to another GAIM user, you can cause their GAIM client
to crash and completely close GAIM down.

Simply send a file to someone with parenthesis in it, and it will crash
when they accept the download (the download does not even begin, it just
crashes).

Example: filename of gaim1.1(windows).exe
will cause it to crash.

I am still playing with the debug version of GAIM, and having just run
through GTK updates to 2.4 I do not have time to digest and post those.
So far, it looks like it has to do with libglib-2.0-0.dll
I am following up with a post to GAIM developers with a complete report.

http://www.domain-logic.com/


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.4.0 - Release Date: 2/22/2005

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ