RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

From: Kristian Hermansen (khermansen_at_ht-technology.com)
Date: 12/04/03

  • Next message: misiu__at_gmx.de: "Re: [Full-Disclosure] big activity"
    To: <full-disclosure@lists.netsys.com>
    Date: Thu, 4 Dec 2003 14:26:26 -0500
    
    

    Yeah, but mentally they (and you) are all under 20 or else you would not be
    subscribed to this "pathetic" kiddie list...

    Kristian Hermansen
    khermansen@ht-technology.com

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of dave kleiman
    Sent: Thursday, December 04, 2003 11:53 AM
    To: 'Kristian Hermansen'; full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
    overflow

    Is there actually anyone on the list who is over the age of 20?

     
    _______________________________
    Dave Kleiman, CISSP, MCSE, CIFI
    dave@isecureu.com
    www.SecurityBreachResponse.com

    "High achievement always takes place in the framework of high expectation."
    Jack Kinder

     

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Kristian
    Hermansen
    Sent: Thursday, December 04, 2003 10:56
    To: full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
    overflow

    Dude, thanks for the calc tips!!! LATE makes perfect sense ;-)

    Kristian Hermansen
    khermansen@ht-technology.com

    -----Original Message-----
    From: List Account [mailto:list.account@cerdant.com]
    Sent: Thursday, December 04, 2003 10:41 AM
    To: 'Kristian Hermansen'
    Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
    overflow

    Funny you should be talking about Calculus, I'm finishing 152 now (finals
    next week). Integration by parts not that bad. Here's a tip; LATE Logs
    Algebraic Trig Exponentials What this is for is to find u, so that du will
    be something simpler. So to use LATE to find u, try them in order, i.e. is
    there a ln? No, then is there an algebraic function you can integrate?, etc.

    HTH,
    Nathan

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Kristian
    Hermansen
    Sent: Thursday, December 04, 2003 9:19 AM
    To: full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
    overflow

    OMFG Tri, hahahahaha!!! Remember when you couldn't figure out who hijacked
    yer mail/Paypal accounts? Looks like we know who did it now. Did he take
    any money from yer Paypal account? I do agree with one thing that he
    said..."Stop leaking and killing my bug kid. Go to school to learn more."
    Dude you missed calculus class again and don't forget we are doing
    integration by parts/series this week/next week. Maybe you aren't as slick
    as I thought you were. Stealing bugs from other people? Dude, I had a lot
    of respect for you...but now...I'm just not so sure about your "integrity".
    Are you really finding these bugs with OllyDebug/IDAPro, or are you
    monitoring security researchers email accounts to get your info? Dude, I
    only ask because I believe everyone here has the right to know...

    Kristian Hermansen
    khermansen@ht-technology.com

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of De Blanc
    Sent: Thursday, December 04, 2003 2:17 AM
    To: full-disclosure@lists.netsys.com
    Cc: bugtraq@securityfocus.com
    Subject: Re: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
    overflow

    Yeah! Yahoo is sux. Yahoo Messenger has tons of bugs.
    But you are more sux than yahoo since you stole my work and posted my found
    bug to yahoo and bugtraq.
    Funny enough when your little company SentryUnion is trying to sell
    "Indetify Theft" protection service but you got owned, stole mail and money
    from your paypal account, logged everything your chatted with gf via one
    another yahoo messenger 0day.

    Stop leaking and killing my bug kid. Go to school to learn more.

    The Blanc

    <trihuynh@zeeup.com> wrote:
    >Hi all,
    >This bug is a lame bug, very lame actually. I release
    it in order to
    >show that how a big company don't even do a basic QA.
    If we look through
    >the security records of YIM, almost any YIM's
    ActiveX/Com
    >components do have some kind of buffer overflow and
    it is very easy
    >to spot them too (by fuzzing the IDispatch
    interface). I have no idea
    >how can QA guys in the YIM project can manage to let
    these
    >dangerous bugs survival through the testing state.
    Maybe they
    >are so busy watching the new "Joe Millionaire" show
    :-))))
    >Trihuynh
    >Sentryunion
    >-----Original Message-----
    >From: full-disclosure-admin@lists.netsys.com
    >[mailto:full-disclosure-admin@lists.netsys.com] On
    Behalf Of Tri Huynh
    >Sent: Wednesday, December 03, 2003 10:07
    >To: full-disclosure@lists.netsys.com;
    bugtraq@securityfocus.com
    >Cc: bugs@securitytracker.com; news@securiteam.com;
    vuln@secunia.com
    >Subject: [Full-Disclosure] Yahoo Instant Messenger
    YAUTO.DLL buffer overflow
    >
    >Yahoo Instant Messenger YAUTO.DLL buffer overflow
    >=================================================
    >PROGRAM: Yahoo Instant Messenger (YIM)
    >HOMEPAGE: http://messenger.yahoo.com
    >VULNERABLE VERSIONS: 5.6.0.1347 and below
    >
    >DESCRIPTION
    >=================================================
    >YIM is one of the most popular instant messenger.
    This is a cool product,
    >that allows me to chat with my gf from a very long
    distant :-).
    >
    >DETAILS
    >=================================================
    >YAUTO.DLL is an ActiveX/COM component that comes with
    Yahoo Install
    >Messenger. YAUTO.DLL is registered under a ProgID
    called "YAuto.NSAuto.1".
    >In this component, there is a function named
    Open(String Url) that will
    >cause a buffer overflow if argument Url is passed
    with a long string. Since
    >this is an ActiveX component, the vulnerability can
    be exploited just by
    >making a website with the correct CLSID of the
    ActiveX and call the function
    >directly. We have successfully exploited the
    vulnerability by making a
    >website that can download a trojan and execute it
    silently.
    >
    >WORKAROUND
    >=================================================
    >Yahoo has been contacted at
    enterprisesales@yahoo-inc.com (this is the only
    >email that I can find on the Yahoo Messenger Site)
    but doesn't response
    >after 1 month. The workaround solution is deleting
    the YAUTO.DLL file in
    >your YIM directory.
    >
    >CREDITS
    >=================================================
    >Discovered by Tri Huynh from SentryUnion
    >
    >DISLAIMER
    >=================================================
    >The information within this paper may change without
    notice. Use of this
    >information constitutes acceptance for use in an AS
    IS condition. There are
    >NO warranties with regard to this information. In no
    event shall the author
    >be liable for any damages whatsoever arising out of
    or in connection with
    >the use or spread of this information. Any use of
    this information is at the
    >user's own risk.
    >
    >FEEDBACK
    >=================================================
    >Please send suggestions, updates, and comments to:
    trihuynh@zeeup.com
    >_______________________________________________
    >Full-Disclosure - We believe in it.
    >Charter:
    http://lists.netsys.com/full-disclosure-charter.html
    >
    >
    >----------------------------------------------------------------

    ----
    >mail2web - Check your email from the web at http://mail2web.com/
    .
    >
    >_______________________________________________
    >Full-Disclosure - We believe in it.
    >Charter: http://lists.netsys.com/full-disclosure-charter.html
    __________________________________
    Do you Yahoo!?
    Free Pop-Up Blocker - Get it now
    http://companion.yahoo.com/
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: misiu__at_gmx.de: "Re: [Full-Disclosure] big activity"

    Relevant Pages