[Full-disclosure] PopUp Plus plugin for Miranda Instant Messenger Buffer Overflow
פורטל אבטחת המידע
editor at sec.org.il
Wed Apr 6 20:53:59 BST 2005
Title: PopUp Plus plugin for Miranda Instant Messenger Buffer Overflow
Publisher: m0fo (editor at sec.org.il)
Vendor: zazoo (zazoo at ua.fm)
Miranda Instant Messenger is application that provides several messenger
services like ICQ, MSN, IRC etc.
One of Mirandas' widely used plugins (PopUp Plus), is vulnerable to a buffer
While the option "Use SmileyAdd Setting" is enabled on the application menu
(Popups > Plus), a remote attacker could trigger the buffer overflow by
roughly 530 characters as an instant message. EIP gets overwritten at 523
The affected version of the plugin is 18.104.22.168, prior versions may also be
I tried to get a vendor response (zazoo), however the mail bounced.
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.