SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Instant Messaging/IRC/Chat)  >   Yahoo Messenger Vendors:   Yahoo
Yahoo Messenger Buffer Overflow in Address Book May Let Users Execute Arbitrary Code
SecurityTracker Alert ID:  1018398
SecurityTracker URL:  http://securitytracker.com/id/1018398
CVE Reference:   CVE-2007-3928   (Links to External Site)
Updated:  May 6 2008
Original Entry Date:  Jul 17 2007
Impact:   Execution of arbitrary code via network, User access via network

Version(s): 8.1 and prior versions
Description:   Rajesh Sethumadhavan reported a vulnerability in Yahoo Messenger. A user may be able to cause arbitrary code to be executed on the target system.

A user can create an address book entry with a specially crafted email address value. When the target user imports the address book and then places their mouse over the entry in the address book tab, Yahoo Messenger will crash.

It may be possible to execute arbitrary code on the target user's system. However, the report did not confirm code execution.

The original advisory is available at:

http://www.xdisclose.com/advisory/XD100002.html

Impact:   A user may be able to cause arbitrary code to be executed on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.yahoo.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Yahoo Messenger 8.1 Buffer Overflow

Yahoo Messenger 8.1 Address Book Buffer Overflow

#####################################################################

XDisclose Advisory           : XD100002
Vulnerability Discovered    : 10 April 2007 
Advisory Released            : 17 July 2007
Credit                              : Rajesh Sethumadhavan

Class                              : Buffer OverFlow
                                        Denial Of Service
Solution Status                : Unpatched
Vendor                            : Yahoo Inc
Vendor Website               : http://www.yahoo.com
Affected applications        : Yahoo Messenger 8.1 and prior

#####################################################################


Overview:
Yahoo! Inc. is an American computer services company with a mission
to "be the most essential global Internet service for consumers and
businesses". It operates an Internet portal, including the popular
Yahoo! Mail and Yahoo Messenger. According to Web trends Yahoo! is
the most visited website on the Internet today with more than 400
million unique users. The global network of Yahoo! websites received
3.4 billion page views per day on average as of October 2005.


Description:
Yahoo! Messenger is a widely used communicating program over the
Internet. A buffer overflow vulnerability is discovered in the Yahoo!
Messenger for Microsoft Windows. Buffer overflow occurs when Yahoo!
Messenger loads a specially crafted address book entry.

POC:
-Create a address book entry using yahoo portal with large amount of
'a' in "email address" textbox.
-Login to yahoo messenger
-Go to address book tab in yahoo messenger
-Place your mouse over the specially crafted address book entry
-Yahoo messenger will immediately crash

Exploitation Method:
-Send an address book to the victim with specially crafted address
-Social engineer the victim to place mouse over the imported address


Screenshot:
http://www.xdisclose.com/images/yahooaddressbof.jpg


Impact:
Successful exploitation may allows execution of arbitrary code with
Privilege of currently log users.


Original Advisory:
http://www.xdisclose.com/advisory/XD100002.html


Credits:
Rajesh Sethumadhavan has been credited with the discovery of this vulnerability


 
---------------------------------
Don't pick lemons.
See all the new 2007 cars at Yahoo! Autos.
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC