Yahoo! Messenger 5.6 - File Transfer Buffer Overrun

2003-10-27T00:00:00
ID EXPLOITPACK:DD71F768CDDDBC77CC162E2EA5EA4FF5
Type exploitpack
Reporter Hat-Squad Security Team
Modified 2003-10-27T00:00:00

Description

Yahoo! Messenger 5.6 - File Transfer Buffer Overrun

                                        
                                            source: Yahoo! Messenger File Transfer Buffer Overrun Vulnerability

Yahoo! Messenger is prone to a remotely exploitable buffer overrun vulnerability. An attacker may trigger this condition by initiating a malformed 'sendfile' request, which the victim user must then accept. This will reportedly result in an access violation error, which is likely due to memory corruption.

An attacker may theoretically exploit this condition to execute arbitrary code on a client system. This condition can be exploited via a malicious 'sendfile' link. 

YMSGR:sendfile?[victim_yahooID]+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%&c%c:\[somefile]