[Full-Disclosure] Broadcast buffer-overflow in Vypress Messenger 3.5.1

From: Luigi Auriemma (aluigi_at_autistici.org)
Date: 10/01/04

  • Next message: Phantasmal Phantasmagoria: "[Full-Disclosure] On Polymorphic Evasion"
    To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com, full-disclosure@lists.netsys.com, vuln@secunia.com
    Date: Fri, 1 Oct 2004 19:24:15 +0000
    
    

    #######################################################################

                                 Luigi Auriemma

    Application: Vypress Messenger
                  http://www.vypress.com/products/messenger/
    Versions: <= 3.5.1
    Platforms: Windows
    Bug: buffer overflow
    Risk: critical
    Exploitation: remote, broadcast
    Date: 01 October 2004
    Author: Luigi Auriemma
                  e-mail: aluigi@altervista.org
                  web: http://aluigi.altervista.org

    #######################################################################

    1) Introduction
    2) Bug
    3) The Code
    4) Fix

    #######################################################################

    ===============
    1) Introduction
    ===============

    Vypress Messenger is an intranet Windows application for exchanging
    messages.

    #######################################################################

    ======
    2) Bug
    ======

    A visualization function in the program is affected by a
    buffer-overflow bug exploitable using 776 chars in the field #1 of a
    message.

    Due to the intranet nature of the program is possible to exploit any
    host in the LAN simply sending the malicious message to a broadcast
    address.

    #######################################################################

    ===========
    3) The Code
    ===========

    http://aluigi.altervista.org/poc/vymesbof.zip

    #######################################################################

    ======
    4) Fix
    ======

    Version 4.0 RC1:

      http://www.vypress.com/previews/

    #######################################################################

    ---
    Luigi Auriemma
    http://aluigi.altervista.org

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Phantasmal Phantasmagoria: "[Full-Disclosure] On Polymorphic Evasion"

    Relevant Pages