Windows Live Messenger Contact List Heap Overflow
SecurityTracker Alert ID: 1016373
SecurityTracker URL: http://securitytracker.com/id?1016373
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jun 25 2006
Impact: Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Version(s): 8.0
Description: JAAScois reported a vulnerability in Windows Live Messenger. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted contact list (*.ctt) file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A demonstration exploit is available at: http://www.jaascois.com/exploits/18602016/CLexploits.ctt
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
Vendor URL: get.live.com/messenger/overview
Cause: Boundary error
Underlying OS: Windows (Any)
Reported By: admin@jaascois.com
Message History:
None.
Source Message Contents
Date: Sat, 24 Jun 2006 19:07:49 -0500 (CDT)
From: admin@jaascois.com
Subject: Windows Live Messenger 8.0 Heap Overflow
Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow
///////////////////////////////////////////////
// by: JAAScois
// www.jaascois.com [ 25/06/2006 ]
//
// Exploit at: 0x0076228A => kernel32.FormatMessageW
// Example:
// download *.ctt file : http://www.jaascois.com/exploits/18602016/CLexploits.ctt
// Messenger => Menu => Contact => Import Instant Messaging Contacts => Select CLexploits.ctt
// Heap size = 4096 => Overflow
//
///////////////////////////////////////////////