Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability
BID:12750
Info
Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 12750 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 08 2005 12:00AM |
| Updated: | Mar 08 2005 12:00AM |
| Credit: | Mehrtash Mallahzadeh <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
Yahoo! Messenger 6.0 .0.1921 Yahoo! Messenger 6.0 .0.1750 Yahoo! Messenger 6.0 .0.1643 Yahoo! Messenger 6.0 Yahoo! Messenger 5.6 .0.1358 Yahoo! Messenger 5.6 .0.1356 Yahoo! Messenger 5.6 .0.1355 Yahoo! Messenger 5.6 .0.1351 Yahoo! Messenger 5.6 .0.1347 Yahoo! Messenger 5.6 Yahoo! Messenger 5.5 .1249 Yahoo! Messenger 5.5 Yahoo! Messenger 5.0 .1232 Yahoo! Messenger 5.0 .1065 Yahoo! Messenger 5.0 .1046 Yahoo! Messenger 5.0 Yahoo! Messenger 4.0 |
| Not Vulnerable: | |
Discussion
Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability
It has been reported that a remote buffer overflow vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers.
It is likely that the attacker must be in the contact list of an unsuspecting user to exploit this issue. It should be noted that the details surrounding this issue are not clear; this BID will be updated as more details are released.
An attacker may leverage this issue to execute arbitrary code in the context of an unsuspecting user running a vulnerable version of the affected application.
It has been reported that a remote buffer overflow vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers.
It is likely that the attacker must be in the contact list of an unsuspecting user to exploit this issue. It should be noted that the details surrounding this issue are not clear; this BID will be updated as more details are released.
An attacker may leverage this issue to execute arbitrary code in the context of an unsuspecting user running a vulnerable version of the affected application.
Exploit / POC
Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability
The following proof of concept code has been made available:
The following proof of concept code has been made available:
Solution / Fix
Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability
References:
References:
- Yahoo! Messenger Homepage (Yahoo!)