Indiatimes Messenger group name buffer overflow
| indiatimes-messenger-groupname-bo (22110) |  High Risk |
Description:
Indiatimes Messenger is vulnerable to a buffer overflow. If the victim is logged in using the auto logon feature, a remote attacker could host a malicious Web site and rename an existing group with a long group name to cause a heap-based buffer overflow to gain unauthorized access to the victim's system.
Consequences:
Gain Access
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Wed Aug 31 2005 - 07:44:12 CDT: Indiatimes Messenger 6.0 Buffer Overflow (Remote).
- Indiatimes Messenger Web site: Indiatimes Messenger.
- BID-14705: Indiatimes Messenger Remote Buffer Overflow Vulnerability
- CVE-2005-2844: Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object.
- SA16633: Indiatimes Messenger Buffer Overflow Vulnerability
- SECTRACK ID: 1014842: Indiatimes Messenger Can Be Crashed With Specially Crafted Scripting Code
Platforms Affected:
- Indiatimes Messenger Indiatimes Messenger 6.0
Reported:
Sep 01, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net