Vulnerability Development mailing list archives
Yahoo pager
From: Blake Frantz <blake () MAIL MC NET>
Date: Wed, 30 Aug 2000 14:51:59 -0500
All,

I don't know if this applies to the list or if it is even exploitable by adding hostile code at the end of the URL. I bring it up because of the popularity of Yahoo Messenger. When a URL is presented that exceeds 1024 characters, Yahoo Messenger creates an application exception (Number c0000005, access violation).

I tested this on:

Yahoo Messenger 3,0,0,770
MyYahoo Module 2,0,0,348
on Windows 2000 Professional 5.000.2195.

and YM generated the exception. I tested another box:

Yahoo Messenger 3,0,0,769
MyYahoo Module 2,0,0,344
on Windows 98 SE 4.10.2222 A

and nothing significant happened.

This is what Dr. Watson Logs Say on the Win2K Box: (the bottom of the log has the state dump)

<snip>
Application exception occurred:
App: (pid=1268)
When: 8/30/2000 @ 00:06:54.717
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: PENNY
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 6 Model 5 Stepping 2
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: None
Current Type: Uniprocessor Free
Registered Organization: XXXXXXXXX
Registered Owner: XXXXXXXX

*----> Task List <----*
0 Idle.exe
8 System.exe
132 smss.exe
160 csrss.exe
180 winlogon.exe
208 services.exe
220 lsass.exe
380 svchost.exe
408 SPOOLSV.exe
440 svchost.exe
476 regsvc.exe
492 mstask.exe
528 snmp.exe
576 winmgmt.exe
612 inetinfo.exe
736 explorer.exe
992 winampa.exe
1140 3cshtdwn.exe
1152 3cmlink.exe
1224 MDM.exe
548 OUTLOOK.exe
716 ntvdm.exe
1212 IEXPLORE.exe
1268 YPager.exe
1300 drwtsn32.exe
0 _Total.exe

(00400000 - 0048D000) (77F80000 - 77FF9000) (77E80000 - 77F36000) (77E10000 - 77E75000)
(77F40000 - 77F7C000) (76B30000 - 76B6E000) (77C70000 - 77CBA000) (77DB0000 - 77E0A000)
(77D40000 - 77DAF000) (77B50000 - 77BDA000) (775A0000 - 777E0000) (78000000 - 78046000)
(77A50000 - 77B45000) (65340000 - 653D5000) (77820000 - 77827000) (759B0000 - 759B6000)
(77570000 - 775A0000) (75050000 - 75058000) (75030000 - 75044000) (75020000 - 75028000)
(10000000 - 10010000) (00230000 - 00239000) (012E0000 - 0131F000) (77CC0000 - 77D40000)
(01640000 - 01669000) (63000000 - 63073000) (76B20000 - 76B25000) (772B0000 - 7731C000)
(01950000 - 01979000) (71500000 - 71611000) (77850000 - 7788C000) (770C0000 - 770E3000)
(76D90000 - 76DE3000) (1A400000 - 1A472000) (75D50000 - 75DD2000) (70000000 - 70242000)
(4A000000 - 4A02C000) (4AA00000 - 4AA15000) (02510000 - 0252D000) (02860000 - 0287B000)
(02990000 - 029A8000) (774E0000 - 77512000) (774C0000 - 774D1000) (77530000 - 77552000)
(77830000 - 7783E000) (77520000 - 77525000) (77C10000 - 77C6D000) (75170000 - 751BF000)
(77BE0000 - 77BEF000) (751C0000 - 751C6000) (75150000 - 7515F000) (77950000 - 77979000)
(77980000 - 779A4000) (77840000 - 7784C000) (75AC0000 - 75AE8000) (777E0000 - 777E8000)
(777F0000 - 777F5000) (74FD0000 - 74FE1000) (75010000 - 75017000) (75E60000 - 75E7A000)
(77560000 - 77569000) (77400000 - 77408000) (77410000 - 77423000)

State Dump for Thread Id 0x4e4

eax=00000001 ebx=0018da51 ecx=0012fe88 edx=77e694a0 esi=0012f958 edi=00000daf
eip=61616161 esp=0012e7e8 ebp=61616161 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246

function: <nosymbols>
</snip>
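
Added example, not part of the original post: a Python triage of the Dr. Watson state dump above. It checks whether eip lies inside any listed module range and whether a register holds one printable ASCII byte repeated (0x61 is 'a'), which is the usual sign that a saved stack frame was overwritten with input data. The function names and the three-range excerpt are choices made for this example, and the post does not state which character padded the test URL.

```python
import re

# Excerpt of the Dr. Watson log quoted in the post (first three module ranges
# and the register dump); everything else here is added for illustration.
LOG = """\
(00400000 - 0048D000)
(77F80000 - 77FF9000)
(77E80000 - 77F36000)
State Dump for Thread Id 0x4e4
eax=00000001 ebx=0018da51 ecx=0012fe88 edx=77e694a0 esi=0012f958 edi=00000daf
eip=61616161 esp=0012e7e8 ebp=61616161 iopl=0 nv up ei pl zr na po nc
"""

REG = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-fA-F]{8})\b")
MODULE = re.compile(r"\(([0-9A-Fa-f]{8}) - ([0-9A-Fa-f]{8})\)")


def parse_registers(log):
    """Map each 32-bit register name in the state dump to its integer value."""
    return {name: int(value, 16) for name, value in REG.findall(log)}


def parse_modules(log):
    """Return the (start, end) address ranges of the loaded modules."""
    return [(int(lo, 16), int(hi, 16)) for lo, hi in MODULE.findall(log)]


def repeated_ascii(value):
    """Return the character if all four bytes are one printable ASCII byte."""
    raw = value.to_bytes(4, "little")
    if len(set(raw)) == 1 and 0x20 <= raw[0] <= 0x7E:
        return chr(raw[0])
    return None


def triage(log):
    """Flag the signs of a saved frame overwritten with input data."""
    regs, modules = parse_registers(log), parse_modules(log)
    eip = regs["eip"]
    return {
        "eip_in_module": any(lo <= eip < hi for lo, hi in modules),
        "ascii_registers": {name: repeated_ascii(value)
                            for name, value in regs.items()
                            if repeated_ascii(value)},
    }


if __name__ == "__main__":
    print(triage(LOG))
```

Feeding it the full log from the post gives the same verdict: eip and ebp both decode to a repeated 'a', and eip is outside every listed module range.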