lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 16 Jul 2007 12:20:49 -0700 (PDT)
From: Rajesh Sethumadhavan <rajesh.sethumadhavan@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Yahoo Messenger 8.1 Buffer Overflow

Yahoo Messenger 8.1 Address Book Buffer Overflow

#####################################################################

XDisclose Advisory             : XD100002
Vulnerability Discovered      : 10 April 2007 
Advisory Released              : 17 July 2007
Credit                                : Rajesh Sethumadhavan

Class                                : Buffer OverFlow
                                          Denial Of Service
Solution Status                  : Unpatched
Vendor                              : Yahoo Inc
Vendor Website                 : http://www.yahoo.com
Affected applications          : Yahoo Messenger 8.1 and prior

#####################################################################


Overview:
Yahoo! Inc. is an American computer services company with a mission
to "be the most essential global Internet service for consumers and
businesses". It operates an Internet portal, including the popular
Yahoo! Mail and Yahoo Messenger. According to Web trends Yahoo! is
the most visited website on the Internet today with more than 400
million unique users. The global network of Yahoo! websites received
3.4 billion page views per day on average as of October 2005.


Description:
Yahoo! Messenger is a widely used communicating program over the
Internet. A buffer overflow vulnerability is discovered in the Yahoo!
Messenger for Microsoft Windows. Buffer overflow occurs when Yahoo!
Messenger loads a specially crafted address book entry.

POC:
-Create a address book entry using yahoo portal with large amount of
'a' in "email address" textbox.
-Login to yahoo messenger
-Go to address book tab in yahoo messenger
-Place your mouse over the specially crafted address book entry
-Yahoo messenger will immediately crash

Exploitation Method:
-Send an address book to the victim with specially crafted address
-Social engineer the victim to place mouse over the imported address


Screenshot:
http://www.xdisclose.com/images/yahooaddressbof.jpg


Impact:
Successful exploitation may allows execution of arbitrary code with
Privilege of currently log users.


Original Advisory:
http://www.xdisclose.com/advisory/XD100002.html


Credits:
Rajesh Sethumadhavan has been credited with the discovery of this vulnerability



       
---------------------------------
Boardwalk for $500? In 2007? Ha! 
Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games.
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ