 Yahoo! Messenger Download Filename Buffer Overflow May Let Remote Users Execute Arbitrary Code
Category: Vulnerability
Posted: 2004-01-12 by ReCall
 Details
Description: Tri Huynh from SentryUnion reported a buffer overflow vulnerability in Yahoo! Messenger. A remote user can send a file to a target user to cause arbitrary code to be executed on the target user's system when the target user attempts to download the file.

It is reported that a specially crafted long filename can trigger the flaw. Arbitrary code execution may be possible.

As a demonstration exploit, the report indicates that you can send a file with the following type of filename:

test.jpg

The author notes that this flaw is different from the filename-related flaw reported in October 2003 [Editor's note: See Alert ID 1008008].

Impact: A remote user may be able to cause arbitrary code to be executed on the target user's system when the target user attempts to download a file. The code will run with the privileges of the target user.

Solution: It is reported that the flaw has been corrected in version 5.6.0.1358 but that the vendor has not disclosed the security issue. According to the report, existing users of vulnerable 5.6 versions cannot upgrade to the new version unless they reinstall the product.
 