[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] GAIM exploit

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] GAIM exploit
From: Randall Perry <lists@xxxxxxxxxxxxxxxx>
Date: Thu, 24 Feb 2005 17:02:07 -0500

Platform: Windows (tested only on XP and 2000, might impact others)
Application: GAIM v1.1.3
Synopsis: Cause remote crash of GAIM client.
Scenario:

By sending a file to another GAIM user, you can cause their GAIM client
to crash and completely close GAIM down.

Simply send a file to someone with parenthesis in it, and it will crash
when they accept the download (the download does not even begin, it just
crashes).

Example: filename of gaim1.1(windows).exe
will cause it to crash.

I am still playing with the debug version of GAIM, and having just run
through GTK updates to 2.4 I do not have time to digest and post those.
So far, it looks like it has to do with libglib-2.0-0.dll
I am following up with a post to GAIM developers with a complete report.

http://www.domain-logic.com/


--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.4.0 - Release Date: 2/22/2005


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] GAIM exploit
  - From: Aditya Deshmukh

Prev by Date: [Full-Disclosure] RE: Incorrect Classification of iDownload's Product as Spyware...
Next by Date: Re: [Full-Disclosure] Xfree86 video buffering?
Previous by thread: [Full-Disclosure] RE: Incorrect Classification of iDownload's Product as Spyware...
Next by thread: RE: [Full-Disclosure] GAIM exploit
Index(es):
- Date
- Thread