RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

From: david maynor (dave_at_0dayspray.com)
Date: 12/04/03

    To: full-disclosure@lists.netsys.com
    Date: Thu, 04 Dec 2003 16:33:11 -0500
    
    

    I AM 12!!

    On Thu, 2003-12-04 at 16:10, Andre Ludwig wrote:
    > Just barely.
    >
    > Andre Ludwig, CISSP
    >
    > -----Original Message-----
    > From: dave kleiman [mailto:dave@isecureu.com]
    > Sent: Thursday, December 04, 2003 8:53 AM
    > To: 'Kristian Hermansen'; full-disclosure@lists.netsys.com
    > Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL
    > buffer overflow
    >
    >
    > Is there actually anyone on the list who is over the age of 20?
    >
    >
    >
    > _______________________________
    > Dave Kleiman, CISSP, MCSE, CIFI
    > dave@isecureu.com
    > www.SecurityBreachResponse.com
    >
    > "High achievement always takes place in the framework of high expectation."
    > Jack Kinder
    >
    >
    >
    >
    >
    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Kristian
    > Hermansen
    > Sent: Thursday, December 04, 2003 10:56
    > To: full-disclosure@lists.netsys.com
    > Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
    > overflow
    >
    >
    > Dude, thanks for the calc tips!!! LATE makes perfect sense ;-)
    >
    >
    > Kristian Hermansen
    > khermansen@ht-technology.com
    >
    > -----Original Message-----
    > From: List Account [mailto:list.account@cerdant.com]
    > Sent: Thursday, December 04, 2003 10:41 AM
    > To: 'Kristian Hermansen'
    > Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
    > overflow
    >
    > Funny you should be talking about Calculus, I'm finishing 152 now (finals
    > next week). Integration by parts not that bad. Here's a tip: LATE (Logs,
    > Algebraic, Trig, Exponentials). What this is for is to find u, so that du will
    > be something simpler. So to use LATE to find u, try them in order, i.e. is
    > there a ln? No, then is there an algebraic function you can integrate?, etc.
    >
    > HTH,
    > Nathan
    >
    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Kristian
    > Hermansen
    > Sent: Thursday, December 04, 2003 9:19 AM
    > To: full-disclosure@lists.netsys.com
    > Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
    > overflow
    >
    >
    > OMFG Tri, hahahahaha!!! Remember when you couldn't figure out who hijacked
    > yer mail/Paypal accounts? Looks like we know who did it now. Did he take
    > any money from yer Paypal account? I do agree with one thing that he
    > said..."Stop leaking and killing my bug kid. Go to school to learn more."
    > Dude you missed calculus class again and don't forget we are doing
    > integration by parts/series this week/next week. Maybe you aren't as slick
    > as I thought you were. Stealing bugs from other people? Dude, I had a lot
    > of respect for you...but now...I'm just not so sure about your "integrity".
    > Are you really finding these bugs with OllyDebug/IDAPro, or are you
    > monitoring security researchers email accounts to get your info? Dude, I
    > only ask because I believe everyone here has the right to know...
    >
    >
    > Kristian Hermansen
    > khermansen@ht-technology.com
    >
    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of De Blanc
    > Sent: Thursday, December 04, 2003 2:17 AM
    > To: full-disclosure@lists.netsys.com
    > Cc: bugtraq@securityfocus.com
    > Subject: Re: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
    > overflow
    >
    > Yeah! Yahoo is sux. Yahoo Messenger has tons of bugs.
    > But you are more sux than yahoo since you stole my
    > work and posted my found bug to yahoo and bugtraq.
    > Funny enough when your little company SentryUnion is
    > trying to sell "Identity Theft" protection service but
    > you got owned, stole mail and money from your paypal
    > account, logged everything you chatted with gf via
    > one another yahoo messenger 0day.
    >
    > Stop leaking and killing my bug kid. Go to school to
    > learn more.
    >
    > The Blanc
    >
    > <trihuynh@zeeup.com> wrote:
    > >Hi all,
    > >This bug is a lame bug, very lame actually. I release it in order to
    > >show that how a big company don't even do a basic QA. If we look through
    > >the security records of YIM, almost any YIM's ActiveX/Com
    > >components do have some kind of buffer overflow and it is very easy
    > >to spot them too (by fuzzing the IDispatch interface). I have no idea
    > >how can QA guys in the YIM project can manage to let these
    > >dangerous bugs survival through the testing state. Maybe they
    > >are so busy watching the new "Joe Millionaire" show :-))))
    > >Trihuynh
    > >Sentryunion
    > >-----Original Message-----
    > >From: full-disclosure-admin@lists.netsys.com
    > >[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Tri Huynh
    > >Sent: Wednesday, December 03, 2003 10:07
    > >To: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com
    > >Cc: bugs@securitytracker.com; news@securiteam.com; vuln@secunia.com
    > >Subject: [Full-Disclosure] Yahoo Instant Messenger YAUTO.DLL buffer overflow
    > >
    > >Yahoo Instant Messenger YAUTO.DLL buffer overflow
    > >=================================================
    > >PROGRAM: Yahoo Instant Messenger (YIM)
    > >HOMEPAGE: http://messenger.yahoo.com
    > >VULNERABLE VERSIONS: 5.6.0.1347 and below
    > >
    > >DESCRIPTION
    > >=================================================
    > >YIM is one of the most popular instant messenger. This is a cool product,
    > >that allows me to chat with my gf from a very long distant :-).
    > >
    > >DETAILS
    > >=================================================
    > >YAUTO.DLL is an ActiveX/COM component that comes with Yahoo Install
    > >Messenger. YAUTO.DLL is registered under a ProgID called "YAuto.NSAuto.1".
    > >In this component, there is a function named Open(String Url) that will
    > >cause a buffer overflow if argument Url is passed with a long string. Since
    > >this is an ActiveX component, the vulnerability can be exploited just by
    > >making a website with the correct CLSID of the ActiveX and call the function
    > >directly. We have successfully exploited the vulnerability by making a
    > >website that can download a trojan and execute it silently.
    > >
    > >WORKAROUND
    > >=================================================
    > >Yahoo has been contacted at enterprisesales@yahoo-inc.com (this is the only
    > >email that I can find on the Yahoo Messenger Site) but doesn't response
    > >after 1 month. The workaround solution is deleting the YAUTO.DLL file in
    > >your YIM directory.
    > >
    > >CREDITS
    > >=================================================
    > >Discovered by Tri Huynh from SentryUnion
    > >
    > >DISCLAIMER
    > >=================================================
    > >The information within this paper may change without notice. Use of this
    > >information constitutes acceptance for use in an AS IS condition. There are
    > >NO warranties with regard to this information. In no event shall the author
    > >be liable for any damages whatsoever arising out of or in connection with
    > >the use or spread of this information. Any use of this information is at the
    > >user's own risk.
    > >
    > >FEEDBACK
    > >=================================================
    > >Please send suggestions, updates, and comments to: trihuynh@zeeup.com
    > >_______________________________________________
    > >Full-Disclosure - We believe in it.
    > >Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
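
The workaround in the quoted advisory (deleting YAUTO.DLL) can be verified on a host with the check below. This is an added example, not part of the original thread or the advisory. It assumes the standard COM registry layout (ProgID to CLSID to InprocServer32); the function name `Get-YAutoRegistration` is hypothetical, and the CLSID is read from the registry because the page does not give it.

```powershell
# Added example: audit a host for the COM component named in the advisory.
# Only the ProgID "YAuto.NSAuto.1" comes from the advisory; everything else
# is resolved from the local registry. Function name is hypothetical.
function Get-YAutoRegistration {
    param([string]$ProgId = 'YAuto.NSAuto.1')

    $result = [ordered]@{
        ProgId     = $ProgId
        Registered = $false
        Clsid      = $null
        DllPath    = $null
        DllPresent = $false
        Status     = 'ProgID not registered'
    }

    $progIdKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (Test-Path -LiteralPath $progIdKey) {
        $result.Registered = $true
        $result.Clsid = (Get-ItemProperty -LiteralPath $progIdKey).'(default)'

        # 32-bit components on 64-bit Windows register under WOW6432Node.
        $serverKeys = @(
            "Registry::HKEY_CLASSES_ROOT\CLSID\$($result.Clsid)\InprocServer32",
            "Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\$($result.Clsid)\InprocServer32"
        )
        foreach ($key in $serverKeys) {
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $raw = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($raw) {
                $result.DllPath = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
                break
            }
        }

        # Deleting the DLL leaves the registration behind, so a registered
        # ProgID with no file on disk means the workaround was applied.
        if ($result.DllPath -and (Test-Path -LiteralPath $result.DllPath)) {
            $result.DllPresent = $true
            $result.Status = 'Component present and loadable'
        } else {
            $result.Status = 'Registered, but DLL missing (workaround applied)'
        }
    }
    [pscustomobject]$result
}

Get-YAutoRegistration | Format-List
```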

