Full Disclosure mailing list archives
RE: RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow
From: "Kristian Hermansen" <khermansen () ht-technology com>
Date: Thu, 4 Dec 2003 09:19:12 -0500
OMFG Tri, hahahahaha!!! Remember when you couldn't figure out who hijacked yer mail/Paypal accounts? Looks like we know who did it now. Did he take any money from yer Paypal account? I do agree with one thing that he said..."Stop leaking and killing my bug kid. Go to school to learn more." Dude you missed calculus class again and don't forget we are doing integration by parts/series this week/next week.

Maybe you aren't as slick as I thought you were. Stealing bugs from other people? Dude, I had a lot of respect for you...but now...I'm just not so sure about your "integrity". Are you really finding these bugs with OllyDebug/IDAPro, or are you monitoring security researchers email accounts to get your info? Dude, I only ask because I believe everyone here has the right to know...

Kristian Hermansen
khermansen () ht-technology com

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of De Blanc
Sent: Thursday, December 04, 2003 2:17 AM
To: full-disclosure () lists netsys com
Cc: bugtraq () securityfocus com
Subject: Re: [Full-disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

Yeah! Yahoo is sux. Yahoo Messenger has tons of bugs. But you are more sux than yahoo since you stole my work and posted my found bug to yahoo and bugtraq. Funny enough when your little company SentryUnion is trying to sell "Indetify Theft" protection service but you got owned, stole mail and money from your paypal account, logged everything your chatted with gf via one another yahoo messenger 0day.

Stop leaking and killing my bug kid. Go to school to learn more.

The Blanc <trihuynh () zeeup com> wrote:
Hi all,

This bug is a lame bug, very lame actually. I release it in order to show that how a big company don't even do a basic QA. If we look through the security records of YIM, almost any YIM's ActiveX/Com components do have some kind of buffer overflow and it is very easy to spot them too (by fuzzing the IDispatch interface). I have no idea how can QA guys in the YIM project can manage to let these dangerous bugs survival through the testing state. Maybe they are so busy watching the new "Joe Millionaire" show :-))))

Trihuynh
Sentryunion

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Tri Huynh
Sent: Wednesday, December 03, 2003 10:07
To: full-disclosure () lists netsys com; bugtraq () securityfocus com
Cc: bugs () securitytracker com; news () securiteam com; vuln () secunia com
Subject: [Full-disclosure] Yahoo Instant Messenger YAUTO.DLL buffer overflow
Yahoo Instant Messenger YAUTO.DLL buffer overflow
=================================================

PROGRAM: Yahoo Instant Messenger (YIM)
HOMEPAGE: http://messenger.yahoo.com
VULNERABLE VERSIONS: 5.6.0.1347 and below

DESCRIPTION
=================================================
YIM is one of the most popular instant messenger. This is a cool product, that allows me to chat with my gf from a very long distant :-).

DETAILS
=================================================
YAUTO.DLL is an ActiveX/COM component that comes with Yahoo Instant Messenger. YAUTO.DLL is registered under a ProgID called "YAuto.NSAuto.1". In this component, there is a function named Open(String Url) that will cause a buffer overflow if argument Url is passed with a long string. Since this is an ActiveX component, the vulnerability can be exploited just by making a website with the correct CLSID of the ActiveX and call the function directly. We have successfully exploited the vulnerability by making a website that can download a trojan and execute it silently.

WORKAROUND
=================================================
Yahoo has been contacted at enterprisesales () yahoo-inc com (this is the only email that I can find on the Yahoo Messenger Site) but doesn't response after 1 month. The workaround solution is deleting the YAUTO.DLL file in your YIM directory.

CREDITS
=================================================
Discovered by Tri Huynh from SentryUnion

DISCLAIMER
=================================================
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

FEEDBACK
=================================================
Please send suggestions, updates, and comments to: trihuynh () zeeup com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
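Added example, not part of any message in this thread: the quoted advisory's workaround is to delete YAUTO.DLL, and since the exposure it describes is a web page instantiating the control, an administrator can instead check whether the ProgID is registered and set the Internet Explorer kill bit for it. Only the ProgID `YAuto.NSAuto.1` comes from the advisory; the CLSID is read from the local registry, and the `-Apply` switch and `Get-DefaultValue` helper are names chosen for this example.

```powershell
# Added example: audit a host for the YAuto control and optionally kill-bit it.
# Only the ProgID is taken from the advisory; the CLSID is resolved locally.
param([switch]$Apply)    # without -Apply the script only reports

$progId  = 'YAuto.NSAuto.1'
$killBit = 0x400         # "Compatibility Flags" bit that stops IE loading a control

function Get-DefaultValue([string]$Path) {
    # Return the (default) value of a registry key, or $null if the key is absent.
    if (Test-Path -LiteralPath $Path) {
        (Get-ItemProperty -LiteralPath $Path).'(default)'
    }
}

$clsid = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$progId\CLSID"
if (-not $clsid) {
    Write-Output "$progId is not registered on this host."
    return
}
$dll = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
Write-Output "ProgID $progId -> CLSID $clsid -> $dll"

# 32-bit and 64-bit Internet Explorer keep separate compatibility lists.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)
foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $key   = Join-Path $root $clsid
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
    }
    if ($flags -band $killBit) {
        Write-Output "Kill bit already set: $key"
    } elseif ($Apply) {
        # Create the key only if missing so existing values are preserved.
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key | Out-Null }
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value ($flags -bor $killBit) -Type DWord
        Write-Output "Kill bit set: $key"
    } else {
        Write-Output "Kill bit NOT set: $key (re-run with -Apply as administrator)"
    }
}
```

The kill bit only prevents Internet Explorer from loading the control; the overflow in the DLL itself remains until the component is removed or replaced.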