Full Disclosure mailing list archives

Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability

From: Rudra Kamal Sinha Roy <rudrak () gmail com>
Date: Wed, 9 Mar 2005 10:49:59 +0530

It has been reported that a remote buffer overflow vulnerability
affects Yahoo! Messenger. This issue is due to a failure of the
application to securely copy user-supplied input into finite process
buffers.

It is likely that the attacker must be in the contact list of an
unsuspecting user to exploit this issue. It should be noted that the
details surrounding this issue are not clear; this BID will be updated
as more details are released.

An attacker may leverage this issue to execute arbitrary code in the
context of an unsuspecting user running a vulnerable version of the
affected application.

Exploit:
The  proof of concept code has been made available.


Mehrtash Mallahzadeh  is credited with the discovery of this issue. 

Full article:
http://www.securityfocus.com/bid/12750/info/


-- 
Rudra kamal Sinha Roy
iViZ Techno Solutions Pvt. Ltd
IIT Kharagpur
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

Current thread:

Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability Rudra Kamal Sinha Roy (Mar 08)