The Palace Graphical Chat Client Remote Buffer Overflow Vulnerability
BID:9602
Info
The Palace Graphical Chat Client Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 9602 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0262 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 07 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | The disclosure of this issue has been credited to Peter Winter-Smith <[email protected]>. |
| Vulnerable: |
The Palace The Palace Client 3.5 |
| Not Vulnerable: | |
Discussion
The Palace Graphical Chat Client Remote Buffer Overflow Vulnerability
It has been reported that The Palace graphical chat client may be prone to a remote buffer overflow vulnerability when processing excessively long links such as:
palace://('a'x118)('BBBB')('XXXX')
Immediate consequences of an attack may result in a denial of service condition. Although unconfirmed, successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the vulnerable user in order to gain unauthorized access.
The Palace chat client versions 3.5 and prior have been reported to be prone to this issue.
It has been reported that The Palace graphical chat client may be prone to a remote buffer overflow vulnerability when processing excessively long links such as:
palace://('a'x118)('BBBB')('XXXX')
Immediate consequences of an attack may result in a denial of service condition. Although unconfirmed, successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the vulnerable user in order to gain unauthorized access.
The Palace chat client versions 3.5 and prior have been reported to be prone to this issue.
Exploit / POC
The Palace Graphical Chat Client Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
The Palace Graphical Chat Client Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
The Palace Graphical Chat Client Remote Buffer Overflow Vulnerability
References:
References:
- The Palace Chat Client (The Palace)
- The Palace 3.x (Client) Stack Overflow Vulnerability (Peter Winter-Smith
)