Computer Security

Archive : 2000 : january : yahoom
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku





Yahoo Pager/Messanger Buffer Overflow




Yahoo Pager/Messanger Buffer Overflow






=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Ļķ, 17 ’ķā 2000  09:55:44

   Īņ: Jaynus Jaynus <jaynus@GOATRANCE.COM>

 Źīģó: BUGTRAQ@SECURITYFOCUS.COM

 Ņåģą: Yahoo Pager/Messanger Buffer Overflow

--------------------------------------------------------------------------------




While reading my bugtraq mail, I read over the ICQ overflow that had be found (suprised it came so late) so I was curious if this existed in any other clients. Upon testing the below URL, yahoo pager/messenger crashed in the same was as ICQ.



http://www.asdf.com/?





















Just a quick little find, I am guessing that it should be easy to push the stack in an exploitable direction, but for the time being, it can be used as just a simple DoS attack.



- J a y n u s





 /\___ \

 \/__/\ \     __     __  __    ___   __  __    ____

    _\ \ \  /'__`\  /\ \/\ \ /' _ `\/\ \/\ \  /',__\

   /\ \_\ \/\ \L\.\_\ \ \_\ \/\ \/\ \ \ \_\ \/\__, `\

   \ \____/\ \__/.\_\\/`____ \ \_\ \_\ \____/\/\____/

    \/___/  \/__/\/_/ `/___/> \/_/\/_/\/___/  \/___/

                         /\___/

                         \/__/



------------------------------------------------------------

get yourname@goatrance.com from http://www.goatrance.com!

electronic music, mail, trance and downloads at http://www.futuretrance.com
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
 


Rating@Mail.ru