The Palace Graphical Chat Client Remote Buffer Overflow Vulnerability

It has been reported that The Palace graphical chat client may be prone to a remote buffer overflow vulnerability when processing excessively long links such as:

palace://('a'x118)('BBBB')('XXXX')

Immediate consequences of an attack may result in a denial of service condition. Although unconfirmed, successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the vulnerable user in order to gain unauthorized access.

The Palace chat client versions 3.5 and prior have been reported to be prone to this issue.


 

Privacy Statement
Copyright 2010, SecurityFocus