RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

From: Preston Newton (preston.newton_at_equipnetworks.com)
Date: 12/04/03

  • Next message: Exibar: "Re: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow"
    To: full-disclosure@lists.netsys.com
    Date: Thu, 04 Dec 2003 13:30:06 -0600
    
    

    I have a feeling that the Secret Service and FBI might be visiting you
    very very soon and I really hope your whois is not your actual name and
    location. I have a sneaking suspicion that any death threat/reference
    is a federal offense.

    Registrant:
    H T Technology Solutions (SRUMIOOORD)
       Suite #107
       333 1ST ST BLVD
       LOWELL, MA 01850
       US

       Domain Name: KILLGEORGEBUSH.COM

       Administrative Contact:
          H T Technology Solutions (36153682O)
    ceo@ht-technology.com
          Suite #107
          333 1ST ST BLVD
          LOWELL, MA 01850
          US
          (781) 588-3893
       Technical Contact:
          ValueWeb (HOS237-ORG) hostmaster@VALUEWEB.NET
          ValueWeb
          3250 west commercial Blvd.
          Ft Lauderdale, FL 33309
          US
          954-334-8000 fax: 954-334-8001

       Record expires on 06-Oct-2005.
       Record created on 06-Oct-2003.
       Database last updated on 4-Dec-2003 14:29:02 EST.

       Domain servers in listed order:

       NS2.VALUEWEB.NET 216.219.254.10
       NS.VALUEWEB.NET 216.219.253.211

    On Thu, 2003-12-04 at 12:37, Kristian Hermansen wrote:
    > KillGeorgeBush.com is getting ready to go prime-time, but...oh yeah...I have
    > finals!!! If anyone has any good content for my KillGeorgeBush.com website,
    > please send me emails/link (audio, video, documents, etc.) Remember: George
    > Bush deserves to die for his lies and lootin'!!! I am now accepting
    > donations through Paypal, of which the money will go straight to terrorist
    > organizations who have interests vested in removing the Bush administration
    > from political power...
    >
    >
    > Kristian Hermansen
    > khermansen@ht-technology.com
    >
    > -----Original Message-----
    > From: List Account [mailto:list.account@cerdant.com]
    > Sent: Thursday, December 04, 2003 12:58 PM
    > To: 'Kristian Hermansen'
    > Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
    > overflow
    >
    > Nice site! Where's the content? (Killgeorgebush.com)
    >
    >
    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
    > Kristian Hermansen
    > Sent: Thursday, December 04, 2003 10:56 AM
    > To: full-disclosure@lists.netsys.com
    > Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger
    > YAUTO.DLL buffer overflow
    >
    >
    > Dude, thanks for the calc tips!!! LATE makes perfect sense ;-)
    >
    >
    > Kristian Hermansen
    > khermansen@ht-technology.com
    >
    > -----Original Message-----
    > From: List Account [mailto:list.account@cerdant.com]
    > Sent: Thursday, December 04, 2003 10:41 AM
    > To: 'Kristian Hermansen'
    > Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger
    > YAUTO.DLL buffer overflow
    >
    > Funny you should be talking about Calculus, I'm finishing 152 now
    > (finals next week). Integration by parts not that bad. Here's a
    > tip; LATE Logs Algebraic Trig Exponentials What this is for is to
    > find u, so that du will be something simpler. So to use LATE to
    > find u, try them in order, i.e. is there a ln? No, then is there
    > an algebraic function you can integrate?, etc.
    >
    > HTH,
    > Nathan
    >
    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
    > Kristian Hermansen
    > Sent: Thursday, December 04, 2003 9:19 AM
    > To: full-disclosure@lists.netsys.com
    > Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger
    > YAUTO.DLL buffer overflow
    >
    >
    > OMFG Tri, hahahahaha!!! Remember when you couldn't figure out
    > who hijacked yer mail/Paypal accounts? Looks like we know who
    > did it now. Did he take any money from yer Paypal account? I do
    > agree with one thing that he said..."Stop leaking and killing my
    > bug kid. Go to school to learn more." Dude you missed calculus
    > class again and don't forget we are doing integration by
    > parts/series this week/next week. Maybe you aren't as slick as I
    > thought you were. Stealing bugs from other people? Dude, I had
    > a lot of respect for you...but now...I'm just not so sure about
    > your "integrity". Are you really finding these bugs with
    > OllyDebug/IDAPro, or are you monitoring security researchers
    > email accounts to get your info? Dude, I only ask because I
    > believe everyone here has the right to know...
    >
    >
    > Kristian Hermansen
    > khermansen@ht-technology.com
    >
    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of De
    > Blanc
    > Sent: Thursday, December 04, 2003 2:17 AM
    > To: full-disclosure@lists.netsys.com
    > Cc: bugtraq@securityfocus.com
    > Subject: Re: [Full-Disclosure] RE: Yahoo Instant Messenger
    > YAUTO.DLL buffer overflow
    >
    > Yeah! Yahoo is sux. Yahoo Messenger has tons of bugs.
    > But you are more sux than yahoo since you stole my
    > work and posted my found bug to yahoo and bugtraq.
    > Funny enough when your little company SentryUnion is
    > trying to sell "Indetify Theft" protection service but
    > you got owned, stole mail and money from your paypal
    > account, logged everything your chatted with gf via
    > one another yahoo messenger 0day.
    >
    > Stop leaking and killing my bug kid. Go to school to
    > learn more.
    >
    > The Blanc
    >
    > <trihuynh@zeeup.com> wrote:
    > >Hi all,
    > >This bug is a lame bug, very lame actually. I release it in order to
    > >show that how a big company don't even do a basic QA. If we look through
    > >the security records of YIM, almost any YIM's ActiveX/COM
    > >components do have some kind of buffer overflow and it is very easy
    > >to spot them too (by fuzzing the IDispatch interface). I have no idea
    > >how can QA guys in the YIM project can manage to let these
    > >dangerous bugs survive through the testing state. Maybe they
    > >are so busy watching the new "Joe Millionaire" show :-))))
    > >Trihuynh
    > >Sentryunion
    > >-----Original Message-----
    > >From: full-disclosure-admin@lists.netsys.com
    > >[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Tri Huynh
    > >Sent: Wednesday, December 03, 2003 10:07
    > >To: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com
    > >Cc: bugs@securitytracker.com; news@securiteam.com; vuln@secunia.com
    > >Subject: [Full-Disclosure] Yahoo Instant Messenger YAUTO.DLL buffer overflow
    > >
    > >Yahoo Instant Messenger YAUTO.DLL buffer overflow
    > >=================================================
    > >PROGRAM: Yahoo Instant Messenger (YIM)
    > >HOMEPAGE: http://messenger.yahoo.com
    > >VULNERABLE VERSIONS: 5.6.0.1347 and below
    > >
    > >DESCRIPTION
    > >=================================================
    > >YIM is one of the most popular instant messengers. This is a cool product,
    > >that allows me to chat with my gf from a very long distance :-).
    > >
    > >DETAILS
    > >=================================================
    > >YAUTO.DLL is an ActiveX/COM component that comes with Yahoo Install
    > >Messenger. YAUTO.DLL is registered under a ProgID called "YAuto.NSAuto.1".
    > >In this component, there is a function named Open(String Url) that will
    > >cause a buffer overflow if argument Url is passed with a long string. Since
    > >this is an ActiveX component, the vulnerability can be exploited just by
    > >making a website with the correct CLSID of the ActiveX and call the function
    > >directly. We have successfully exploited the vulnerability by making a
    > >website that can download a trojan and execute it silently.
    > >
    > >WORKAROUND
    > >=================================================
    > >Yahoo has been contacted at enterprisesales@yahoo-inc.com (this is the only
    > >email that I can find on the Yahoo Messenger Site) but hasn't responded
    > >after 1 month. The workaround solution is deleting the YAUTO.DLL file in
    > >your YIM directory.
    > >
    > >CREDITS
    > >=================================================
    > >Discovered by Tri Huynh from SentryUnion
    > >
    > >DISCLAIMER
    > >=================================================
    > >The information within this paper may change without notice. Use of this
    > >information constitutes acceptance for use in an AS IS condition. There are
    > >NO warranties with regard to this information. In no event shall the author
    > >be liable for any damages whatsoever arising out of or in connection with
    > >the use or spread of this information. Any use of this information is at the
    > >user's own risk.
    > >
    > >FEEDBACK
    > >=================================================
    > >Please send suggestions, updates, and comments to: trihuynh@zeeup.com
    > >_______________________________________________
    > >Full-Disclosure - We believe in it.
    > >Charter: http://lists.netsys.com/full-disclosure-charter.html
    > >
    > >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
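
The advisory quoted at the bottom of this message names the ProgID "YAuto.NSAuto.1" and gives deleting YAUTO.DLL as the workaround. The PowerShell below is an added example, not part of the thread or the advisory: it resolves that ProgID to its CLSID, shows which DLL is registered for it, and reports (or, with -SetKillBit, sets) the Internet Explorer kill bit for that CLSID, which is a different mitigation from the one the advisory gives. The registry paths are the standard Windows COM and IE locations; the script name and parameters are my own.

```powershell
# Added example: report on, and optionally kill-bit, the COM class behind a ProgID.
# Run from an elevated prompt if -SetKillBit is used (it writes under HKLM).
param(
    [string]$ProgId = 'YAuto.NSAuto.1',   # ProgID named in the advisory
    [switch]$SetKillBit                   # report only unless this is given
)
$KillBit = 0x400   # IE "Compatibility Flags" bit: do not instantiate this control

# Native and 32-bit (WOW64) registry views; paths that do not exist are skipped.
$classRoots  = 'HKLM:\SOFTWARE\Classes', 'HKLM:\SOFTWARE\Classes\WOW6432Node',
               'HKLM:\SOFTWARE\WOW6432Node\Classes'
$compatRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-DefaultValue([string]$Path) {
    # Returns the key's default value, or nothing if the key is absent
    if (Test-Path -Path $Path) { (Get-Item -Path $Path).GetValue('') }
}

# 1. ProgID -> CLSID
$clsid = $classRoots | ForEach-Object { Get-DefaultValue "$_\$ProgId\CLSID" } |
         Select-Object -First 1
if (-not $clsid) { "ProgID $ProgId is not registered on this machine."; return }
"ProgID $ProgId -> CLSID $clsid"

# 2. CLSID -> registered in-process server (the DLL the workaround would delete)
$dlls = $classRoots | ForEach-Object { Get-DefaultValue "$_\CLSID\$clsid\InprocServer32" } |
        Select-Object -Unique
foreach ($dll in $dlls) { "  server: $dll (on disk: $(Test-Path -LiteralPath $dll))" }

# 3. Kill-bit state per registry view; set it only when asked to
foreach ($root in $compatRoots) {
    if (-not (Test-Path -Path $root)) { continue }
    $key   = Join-Path $root $clsid
    $flags = 0
    if (Test-Path -Path $key) {
        $v = (Get-Item -Path $key).GetValue('Compatibility Flags')
        if ($null -ne $v) { $flags = [int]$v }
    }
    $blocked = ($flags -band $KillBit) -ne 0
    "  {0}: flags=0x{1:X} killbit={2}" -f $key, $flags, $blocked
    if ($SetKillBit -and -not $blocked) {
        if (-not (Test-Path -Path $key)) { New-Item -Path $key | Out-Null }
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' `
            -Value ($flags -bor $KillBit) -Type DWord
        "  kill bit set"
    }
}
```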

