Full Disclosure mailing list archives
Re: RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow
From: "Exibar" <exibar () thelair com>
Date: Thu, 4 Dec 2003 14:35:10 -0500
Just sit right there at home, the Secret Service will be by to have a conversation with you I'm sure.

----- Original Message -----
From: "Kristian Hermansen" <khermansen () ht-technology com>
To: <full-disclosure () lists netsys com>
Sent: Thursday, December 04, 2003 1:37 PM
Subject: RE: [Full-disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

KillGeorgeBush.com is getting ready to go prime-time, but...oh yeah...I have finals!!! If anyone has any good content for my KillGeorgeBush.com website, please send me emails/link (audio, video, documents, etc.) Remember: George Bush deserves to die for his lies and lootin'!!! I am now accepting donations through Paypal, of which the money will go straight to terrorist organizations who have interests vested in removing the Bush administration from political power...

Kristian Hermansen
khermansen () ht-technology com

-----Original Message-----
From: List Account [mailto:list.account () cerdant com]
Sent: Thursday, December 04, 2003 12:58 PM
To: 'Kristian Hermansen'
Subject: RE: [Full-disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

Nice site! Where's the content? (Killgeorgebush.com)

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Kristian Hermansen
Sent: Thursday, December 04, 2003 10:56 AM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

Dude, thanks for the calc tips!!! LATE makes perfect sense ;-)

Kristian Hermansen
khermansen () ht-technology com

-----Original Message-----
From: List Account [mailto:list.account () cerdant com]
Sent: Thursday, December 04, 2003 10:41 AM
To: 'Kristian Hermansen'
Subject: RE: [Full-disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

Funny you should be talking about Calculus, I'm finishing 152 now (finals next week). Integration by parts not that bad. Here's a tip;

LATE
Logs
Algebraic
Trig
Exponentials

What this is for is to find u, so that du will be something simpler. So to use LATE to find u, try them in order, i.e. is there a ln? No, then is there an algebraic function you can integrate?, etc.

HTH,
Nathan

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Kristian Hermansen
Sent: Thursday, December 04, 2003 9:19 AM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

OMFG Tri, hahahahaha!!! Remember when you couldn't figure out who hijacked yer mail/Paypal accounts? Looks like we know who did it now. Did he take any money from yer Paypal account? I do agree with one thing that he said..."Stop leaking and killing my bug kid. Go to school to learn more." Dude you missed calculus class again and don't forget we are doing integration by parts/series this week/next week. Maybe you aren't as slick as I thought you were. Stealing bugs from other people?
Dude, I had a lot of respect for you...but now...I'm just not so sure about your "integrity". Are you really finding these bugs with OllyDebug/IDAPro, or are you monitoring security researchers' email accounts to get your info? Dude, I only ask because I believe everyone here has the right to know...

Kristian Hermansen
khermansen () ht-technology com

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of De Blanc
Sent: Thursday, December 04, 2003 2:17 AM
To: full-disclosure () lists netsys com
Cc: bugtraq () securityfocus com
Subject: Re: [Full-disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

Yeah! Yahoo is sux. Yahoo Messenger has tons of bugs. But you are more sux than yahoo since you stole my work and posted my found bug to yahoo and bugtraq. Funny enough when your little company SentryUnion is trying to sell "Indetify Theft" protection service but you got owned, stole mail and money from your paypal account, logged everything you chatted with gf via one another yahoo messenger 0day. Stop leaking and killing my bug kid. Go to school to learn more.

The Blanc <trihuynh () zeeup com> wrote:

Hi all,

This bug is a lame bug, very lame actually. I release it in order to show that how a big company don't even do a basic QA. If we look through the security records of YIM, almost any YIM's ActiveX/Com components do have some kind of buffer overflow and it is very easy to spot them too (by fuzzing the IDispatch interface). I have no idea how can QA guys in the YIM project can manage to let these dangerous bugs survival through the testing state. Maybe they are so busy watching the new "Joe Millionaire" show :-))))

Trihuynh
Sentryunion

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Tri Huynh
Sent: Wednesday, December 03, 2003 10:07
To: full-disclosure () lists netsys com; bugtraq () securityfocus com
Cc: bugs () securitytracker com; news () securiteam com; vuln () secunia com
Subject: [Full-disclosure] Yahoo Instant Messenger YAUTO.DLL buffer overflow

Yahoo Instant Messenger YAUTO.DLL buffer overflow
=================================================

PROGRAM: Yahoo Instant Messenger (YIM)
HOMEPAGE: http://messenger.yahoo.com
VULNERABLE VERSIONS: 5.6.0.1347 and below

DESCRIPTION
=================================================
YIM is one of the most popular instant messenger. This is a cool product, that allows me to chat with my gf from a very long distant :-).

DETAILS
=================================================
YAUTO.DLL is an ActiveX/COM component that comes with Yahoo Install Messenger. YAUTO.DLL is registered under a ProgID called "YAuto.NSAuto.1". In this component, there is a function named Open(String Url) that will cause a buffer overflow if argument Url is passed with a long string. Since this is an ActiveX component, the vulnerability can be exploited just by making a website with the correct CLSID of the ActiveX and call the function directly. We have successfully exploited the vulnerability by making a website that can download a trojan and execute it silently.

WORKAROUND
=================================================
Yahoo has been contacted at enterprisesales () yahoo-inc com (this is the only email that I can find on the Yahoo Messenger Site) but doesn't response after 1 month. The workaround solution is deleting the YAUTO.DLL file in your YIM directory.

CREDITS
=================================================
Discovered by Tri Huynh from SentryUnion

DISCLAIMER
=================================================
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

FEEDBACK
=================================================
Please send suggestions, updates, and comments to: trihuynh () zeeup com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
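
A read-only host check for the component named in the quoted advisory, as an added example that is not part of the original thread: it resolves the ProgID `YAuto.NSAuto.1` to its CLSID and DLL path, reports whether the file is still present (the advisory's workaround is deleting it), and whether the Internet Explorer kill bit is set for that CLSID. The kill bit check is standard Internet Explorer behaviour that the advisory does not mention, and the function names are hypothetical.

```powershell
# Added example (not from the advisory): read-only check for the YAUTO.DLL COM registration.
$ProgId = 'YAuto.NSAuto.1'   # ProgID quoted in the advisory

function Get-RegDefault([string]$Path) {
    # Return the (Default) value of a registry key, or nothing if the key is absent.
    if (Test-Path -LiteralPath $Path) { (Get-Item -LiteralPath $Path).GetValue('') }
}

function Get-YAutoStatus([string]$ProgId) {
    $hkcr  = 'Registry::HKEY_CLASSES_ROOT'
    $hklm  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE'
    $clsid = Get-RegDefault "$hkcr\$ProgId\CLSID"
    if (-not $clsid) { return }   # ProgID not registered: nothing to report

    # 32-bit COM servers on 64-bit Windows register under WOW6432Node, so check both views.
    $views = @(
        @{ Name = 'native'; Clsid = "$hkcr\CLSID";             Ie = "$hklm\Microsoft\Internet Explorer" },
        @{ Name = 'wow64';  Clsid = "$hkcr\WOW6432Node\CLSID"; Ie = "$hklm\WOW6432Node\Microsoft\Internet Explorer" }
    )
    foreach ($v in $views) {
        $dll = Get-RegDefault "$($v.Clsid)\$clsid\InprocServer32"
        if (-not $dll) { continue }
        $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))

        # Kill bit: "Compatibility Flags" with 0x400 set stops Internet Explorer loading the control.
        $compat = "$($v.Ie)\ActiveX Compatibility\$clsid"
        $flags  = if (Test-Path -LiteralPath $compat) {
            (Get-Item -LiteralPath $compat).GetValue('Compatibility Flags')
        }

        $present = Test-Path -LiteralPath $dll -PathType Leaf
        [pscustomobject]@{
            View        = $v.Name
            Clsid       = $clsid
            DllPath     = $dll
            DllPresent  = $present
            FileVersion = if ($present) { (Get-Item -LiteralPath $dll).VersionInfo.FileVersion }
            KillBitSet  = [bool]($flags -band 0x400)
        }
    }
}

$status = Get-YAutoStatus $ProgId
if ($status) { $status | Format-List } else { "ProgID $ProgId is not registered on this host." }
```

A host where `DllPresent` is true and `KillBitSet` is false still exposes the control to web pages rendered in Internet Explorer.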