vulnerabilitate pt Yahoo Messenger 8.1 [DOS]

[kw3rln]

Vulnerabilitatea poate fi exploatatã atunci când victima acceptã o invitaþie pentru o conversaþie cu ajutorul camerei web.

Testat pe Yahoo Messenger 8.1.0.413

1. downloadezi http://www.team509.com/expyahoo.rar

2. compilezi dll-ul

3. alegi "invite to view my webcam" la un contact care ii online

4. cand a dat accept injectezi dll-ul in procesul de yahoo messenger

5. messengerul celuilalt sa "buseste"

[Ras]

am intrat pe link-ul ala si imi arata multe caractere sau ce or fii alea

M?!TwQ?OkjN??;?p"?3?-^q
p?-???%@?K?X?Wcl?PN?6H,x????'D?s?ak??vdh6]
?
?2/ ??}t?ky??$???e?>%??`=??V??ic?Xq^??0z~>S?&P?+?e^?L?uv 8hS?[?VaELF?m??<?l?NPiti2X=y!????k??'v?o".???E?
+??

[oXyGeN]

am intrat pe link-ul ala si imi arata multe caractere sau ce or fii alea

M?!TwQ?OkjN??;?p"?3?-^q
p?-???%@?K?X?Wcl?PN?6H,x????'D?s?ak??vdh6]
?
?2/ ??}t?ky??$???e?>%??`=??V??ic?Xq^??0z~>S?&P?+?e^?L?uv 8hS?[?VaELF?m??<?l?NPiti2X=y!????k??'v?o".???E?
+??

ia-l cu un download manager...

[kw3rln]

doamne ras

[vladiii]

Mi se pare ca este ceva si mai interesant, un buffer overflow in ywcvwr.dll care permite si executia de cod remote. Si BOFul asta provine tot de la webcam ! :roll:

[Ras]

am intrat pe link-ul ala si imi arata multe caractere sau ce or fii alea

M?!TwQ?OkjN??;?p"?3?-^q
p?-???%@?K?X?Wcl?PN?6H,x????'D?s?ak??vdh6]
?
?2/ ??}t?ky??$???e?>%??`=??V??ic?Xq^??0z~>S?&P?+?e^?L?uv 8hS?[?VaELF?m??<?l?NPiti2X=y!????k??'v?o".???E?
+??

ia-l cu un download manager...

damn nu mi-a trecut prin cap ;D

[Guest Nemessis]

Sau click dreapta pe link si save as...