LAN Messenger v1.2.28 - Persistent Software Vulnerability

ID 1337DAY-ID-18281
Type zdt
Reporter Benjamin K.M.
Modified 2012-05-16T00:00:00


Exploit for windows platform in category local exploits

LAN Messenger v1.2.28 - Persistent Software Vulnerability

Common Vulnerability Scoring System:

LAN Messenger is a free and open source cross-platform instant messaging application for communication over a 
local network. It does not require a server. A number of useful features including event notifications, file transfer 
and message logging are provided.

(Copy of the Website: )

A persistent software vulnerability is detected in in LAN Messenger v1.2.28. The bug is located in the profile display 
& nickname validation of the software. The vulnerability allows an attacker (remote) to implement own malicious script codes as 
profile. The code is getting executed when the attacker writes the victim a message. The vulnerable nickname input is getting 
executed as output of the messagebox when processing to write a message. Successful exploitation can lead in persistent hijacking, 
external malicious redirects, persistent script code execution to compromise the connected network client system.

Vulnerable Module(s):
				[+] Username as seen by Contacts - Messagebox Display & Input

The security risk of the persistent remote web vulnerability is estimated as high.

# [2018-04-08]  #