Yahoo! Messenger Long Email Address Book Buffer Overflow

ERCOLINO

Membro dello Staff
Amministratore
Registrato
3 Marzo 2003
Messaggi
252.590
Località
Torino
Secunia Advisory: SA26066
Release Date: 2007-07-19

Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: Yahoo! Messenger 8.x




Description:
Rajesh Sethumadhavan has reported a vulnerability in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the processing of address book entries and can be exploited to cause a buffer overflow when a user performs a mouse-over on a contact on the address book with an overly-long email address.

Successful exploitation allows execution of arbitrary code, but requires that the target user is e.g. tricked into accepting malicious contact details.

The vulnerability is reported in version 8.1. Other versions may also be affected.

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/

Solution:
The vendor has confirmed the vulnerability and a fix has been implemented server-side.



Bollettino Secunia
 
Indietro
Alto Basso