Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] GAIM exploit

from [Randall Perry] Network Security [Permanent Link]
Subject: [Full-Disclosure] GAIM exploit
Date: Thu, 24 Feb 2005 17:02:07 -0500 
Platform: Windows (tested only on XP and 2000, might impact others)
Application: GAIM v1.1.3
Synopsis: Cause remote crash of GAIM client.
Scenario:

By sending a file to another GAIM user, you can cause their GAIM client
to crash and completely close GAIM down.

Simply send a file to someone with parenthesis in it, and it will crash
when they accept the download (the download does not even begin, it just
crashes).

Example: filename of gaim1.1(windows).exe
will cause it to crash.

I am still playing with the debug version of GAIM, and having just run
through GTK updates to 2.4 I do not have time to digest and post those.
So far, it looks like it has to do with libglib-2.0-0.dll
I am following up with a post to GAIM developers with a complete report.

http://www.domain-logic.com/


--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.4.0 - Release Date: 2/22/2005


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] MDKSA-2005:046 - Updated uim packages fix vulnerability, Mandrakelinux Security Team
Next by Date:  Re: [Full-Disclosure] Xfree86 video buffering?, Eric Paynter
Previous by Thread:  [Full-Disclosure] MDKSA-2005:046 - Updated uim packages fix vulnerability, Mandrakelinux Security Team
Next by Thread:  RE: [Full-Disclosure] GAIM exploit, Aditya Deshmukh
Indexes:  [Date] [Thread] [Top] [All Lists]