Bugtraq mailing list archives

Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability

From: gg_vuln () yahoo com
Date: 22 Nov 2007 22:49:50 -0000

Hello,

1. you didn't wrote OS specification. It was Win XP or Vista? Which language? It was fully patched? DEP was turned on? 
Have you tried on privileged user?

2. Why did you wrote VERY HIGH threat? This is local buffer overflow. Moreover user has to replace original file. This 
vulnerability has more to do with SE :(.

3. I haven't debug this overflow event, could you tell me, how much bytes can you parse?

Nice find.

Cheers,
JD

Current thread:

Gadu-Gadu Local/Remote Buffer Overflow vulnerability j00ru . vx (Nov 22)
- <Possible follow-ups>
- Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability gg_vuln (Nov 22)
- Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability emacs25 (Nov 23)
- Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability j00ru . vx (Nov 23)
- Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability gynvael (Nov 23)
- Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability sdfkjsomcoismwevoiweo (Nov 23)
- Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability emacs25 (Nov 23)
- Re: Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability gynvael (Nov 23)