Vulnerability Development mailing list archives

Re: Yahoo pager


From: dis <dis () dislocated net>
Date: Fri, 1 Sep 2000 02:07:42 +0000

Blake Frantz wrote:

The first few times I tried to crash YM I used random characters until YM
prevented me from entering more.  When I was figuring the buffer limit I
used "a"'s, I don't think the character makes a difference.

Version 3, 0, 0, 768 (which I run) has a character limit of 800
characters.  You simply can't type in (or paste in) any more than that.

Sean Whipkey


I certainly hope it's not relying on the client alone to keep larger URLs
from being sent, and that the good people (ha) at Yahoo! actually fixed
the buffer overflow. Could this overflow be triggered remotely?  Could
someone with a modified client send a longer URL with shellcode conveniently
located and 0wn anyone they wanted?  I (and anyone else who was paying
attention) noticed EIP was overwritten..

if i really knew what i was doing (which i can pretend to), i'd look into
this myself.

-dis
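
The concern raised in this message, that a limit enforced only in the sender's input box does nothing on the receiving side, shown as an added example that is not part of the original post or any Yahoo! code. The function name, status codes and the length-prefixed field layout are hypothetical; 800 is the UI limit quoted in the thread, reused here as the receiver's own maximum.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the real protocol and buffer size are not given in the thread. */
#define URL_MAX 800

enum url_status { URL_OK = 0, URL_TOO_LONG, URL_BAD_BYTE, URL_TRUNCATED_MSG };

/*
 * Hypothetical receiver-side check. `field` holds the URL bytes, `claimed_len`
 * is the length the peer declared, `avail` is how many bytes really arrived.
 * Nothing is copied into `out` (capacity out_cap) until every length has been
 * checked against local limits, never against what the sender's UI allowed.
 */
enum url_status accept_url(const unsigned char *field, size_t claimed_len,
                           size_t avail, char *out, size_t out_cap)
{
    size_t i;

    if (out_cap == 0)
        return URL_TOO_LONG;
    out[0] = '\0';                          /* failure leaves an empty string */
    if (claimed_len > avail)
        return URL_TRUNCATED_MSG;           /* declared more than was sent */
    if (claimed_len > URL_MAX || claimed_len >= out_cap)
        return URL_TOO_LONG;                /* reject, do not truncate */
    for (i = 0; i < claimed_len; i++)
        if (field[i] < 0x21 || field[i] > 0x7e)
            return URL_BAD_BYTE;            /* NUL, control or non-ASCII byte */
    memcpy(out, field, claimed_len);
    out[claimed_len] = '\0';
    return URL_OK;
}

int main(void)
{
    unsigned char wire[4000];               /* constructed sample input */
    char url[URL_MAX + 1];

    memset(wire, 'a', sizeof wire);
    printf("800 bytes:  %d\n", accept_url(wire, 800, sizeof wire, url, sizeof url));
    printf("801 bytes:  %d\n", accept_url(wire, 801, sizeof wire, url, sizeof url));
    printf("4000 bytes: %d\n", accept_url(wire, 4000, sizeof wire, url, sizeof url));
    return 0;
}
```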

