• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Yahoo! Messenger Address Book Remote Buffer Overflow Vulnerabilitiy

To exploit this issue, an attacker must entice an unsuspecting user to interact with a maliciously crafted address book when using the affected application.

The following proof-of-concept information is available:

1. Create an address book entry using Yahoo! portal with a large amount of 'a's in 'email address' textbox.
2. Log in to Yahoo! Messenger
3. Go to the address book tab
4. Place your mouse pointer over the specially crafted address book entry
5. Yahoo! Messenger will immediately crash