Message-ID: <d455122c0503082119180ab8cc@mail.gmail.com>
From: rudrak at gmail.com (Rudra Kamal Sinha Roy)
Subject: Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability

It has been reported that a remote buffer overflow vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers.

It is likely that the attacker must be in the contact list of an unsuspecting user to exploit this issue.

It should be noted that the details surrounding this issue are not clear; this BID will be updated as more details are released.

An attacker may leverage this issue to execute arbitrary code in the context of an unsuspecting user running a vulnerable version of the affected application.

Exploit:
The proof of concept code has been made available.

Mehrtash Mallahzadeh is credited with the discovery of this issue.

Full article:
http://www.securityfocus.com/bid/12750/info/

-- 
Rudra kamal Sinha Roy
iViZ Techno Solutions Pvt. Ltd
IIT Kharagpur