Gadu-Gadu EasycallLite.oce Audio Device Monitoring

2005-11-21T09:17:55
ID OSVDB:21020
Type osvdb
Reporter Jaroslaw Sajko (security@man.poznan.pl), Blazej Miga (security@man.poznan.pl)
Modified 2005-11-21T09:17:55

Description

Vulnerability Description

Gadu-Gadu contains a flaw that may allow malicious websites to eavesdrop through the user's audio devices. The issue arises because the "EasycallLite.oce" ActiveX object exposes sensitive features. The flaw may allow audio device monitoring, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 7.0 (build 22) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.gadu-gadu.pl
Secunia Advisory ID: 17597
Related OSVDB ID: 21017
Related OSVDB ID: 21019
Related OSVDB ID: 21016
Related OSVDB ID: 21015
Related OSVDB ID: 21018
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0658.html
CVE-2005-3892
Bugtraq ID: 15520