Yahoo Messenger 8.1 Address Book Buffer Overflow
#################################################################
####
XDisclose Advisory : XD100002
Vulnerability Discovered : 10 April 2007
Advisory Released : 17 July 2007
Credit : Rajesh Sethumadhavan
Class : Buffer OverFlow
Denial Of Service
Solution Status : Unpatched
Vendor : Yahoo Inc
Vendor Website : http://www.yahoo.com
Affected applications : Yahoo Messenger 8.1 and prior
#################################################################
####
Overview:
Yahoo! Inc. is an American computer services company with a
mission
to "be the most essential global Internet service for
consumers and
businesses". It operates an Internet portal, including the
popular
Yahoo! Mail and Yahoo Messenger. According to Web trends Yahoo!
is
the most visited website on the Internet today with more than
400
million unique users. The global network of Yahoo! websites
received
3.4 billion page views per day on average as of October 2005.
Description:
Yahoo! Messenger is a widely used communicating program over the
Internet. A buffer overflow vulnerability is discovered in the
Yahoo!
Messenger for Microsoft Windows. Buffer overflow occurs when
Yahoo!
Messenger loads a specially crafted address book entry.
Code:
POC:
-Create a address book entry using yahoo portal with large amount
of
'a' in "email address" textbox.
-Login to yahoo messenger
-Go to address book tab in yahoo messenger
-Place your mouse over the specially crafted address book entry
-Yahoo messenger will immediately crash
Exploitation Method:
-Send an address book to the victim with specially crafted
address
-Social engineer the victim to place mouse over the imported
address
Screenshot:
http://www.xdisclose.com/images/yahooaddressbof.jpg
Impact:
Successful exploitation may allows execution of arbitrary code
with
Privilege of currently log users.
Original Advisory:
http://www.xdisclose.com/advisory/XD100002.html
Credits:
Rajesh Sethumadhavan has been credited with the discovery of this
vulnerability
![[Rule]](/hvaonline/templates/viet/images/icon_mini_rule.gif "[Rule]"){kind=icon}
![[Home]](/hvaonline/templates/viet/images/icon_mini_groups.gif "[Home]"){kind=icon}
![[Portal]](/hvaonline/templates/viet/images/icon_mini_portal.gif "[Portal]"){kind=icon}
![[Members]](/hvaonline/templates/viet/images/icon_mini_members.gif "[Members]"){kind=icon}
![[Statistics]](/hvaonline/templates/viet/images/icon_mini_stats.gif "[Statistics]"){kind=icon}
![[Search]](/hvaonline/templates/viet/images/icon_mini_search.gif "[Search]"){kind=icon}
![[Reading Room]](/hvaonline/templates/viet/images/icon_mini_book.gif "[Reading Room]"){kind=icon}
![[Register]](/hvaonline/templates/viet/images/icon_mini_register.gif "[Register]"){kind=icon}
Register![[Login]](/hvaonline/templates/viet/images/icon_mini_login.gif "[Login]"){kind=icon}
Login [
Thông tin new bugs và exploits
![[Minus]](/hvaonline/templates/viet/images/minus.gif "[Minus]")
![[Plus]](/hvaonline/templates/viet/images/plus.gif "[Plus]")
![[Profile]](/hvaonline/templates/viet/images/en_US/icon_profile.gif "[Profile]"){kind=icon}
![[PM]](/hvaonline/templates/viet/images/en_US/icon_pm.gif "[PM]"){kind=icon}
![[Up]](/hvaonline/templates/viet/images/en_US/icon_up.gif "[Up]"){kind=icon}
![[Print Copy]](/hvaonline/templates/viet/images/en_US/icon_print.gif "[Print Copy]"){kind=icon}
![[Avatar]](/hvaonline/images/avatar/1099262d08ad760566784006371a19d1.jpg "[Avatar]")
![[WWW]](/hvaonline/templates/viet/images/icon_www.gif "[www]"){kind=icon}
![[digg]](/hvaonline/templates/viet/images/digg.gif "[digg]")
![[delicious]](/hvaonline/templates/viet/images/delicious.gif "[delicious]")
![[google]](/hvaonline/templates/viet/images/google.gif "[google]")
![[yahoo]](/hvaonline/templates/viet/images/yahoo.gif "[yahoo]")
![[technorati]](/hvaonline/templates/viet/images/technorati.gif "[technorati]")
![[reddit]](/hvaonline/templates/viet/images/reddit.gif "[reddit]")
![[stumbleupon]](/hvaonline/templates/viet/images/stumbleupon.gif "[stumbleupon]")