Full Disclosure mailing list archives
Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability
From: Rudra Kamal Sinha Roy <rudrak () gmail com>
Date: Wed, 9 Mar 2005 10:49:59 +0530
It has been reported that a remote buffer overflow vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers. It is likely that the attacker must be in the contact list of an unsuspecting user to exploit this issue. It should be noted that the details surrounding this issue are not clear; this BID will be updated as more details are released. An attacker may leverage this issue to execute arbitrary code in the context of an unsuspecting user running a vulnerable version of the affected application. Exploit: The proof of concept code has been made available. Mehrtash Mallahzadeh is credited with the discovery of this issue. Full article: http://www.securityfocus.com/bid/12750/info/ -- Rudra kamal Sinha Roy iViZ Techno Solutions Pvt. Ltd IIT Kharagpur _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability Rudra Kamal Sinha Roy (Mar 08)