-
May 30th, 2002, 07:05 AM
#1
Vulnerability: Yahoo! Messenger Call Center Buffer Overflow
Yahoo! Messenger configures the 'ymsgr:' URI handler when it is installed. The handler invokes YPAGER.EXE with the supplied parameters. YPAGER.EXE accepts the 'call' argument; it is used for starting the 'Call Center' feature.
There is a stack overrun condition in the 'Call Center' component that may be exploited through a specially constructed URI. It has been reported that the stack frame of the affected function will be corrupted if the argument to the 'call' parameter passed to YPAGER.EXE is of 268 bytes or greater in length.
Attackers may exploit this vulnerability to execute arbitrary code.
Remote: Yes
Exploit: No
Source: http://www.xatrix.org/article1564.html
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|