Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Yahoo Toolbar YShortcut.dll IsTaggedBM() Buffer Overflow
From: Elazar Broad <elazarb () earthlink net>
Date: Wed, 19 Dec 2007 10:56:28 -0500 (EST)
YShortcut is a feature of the Yahoo toolbar which allows you to map shortcuts to URLS, i.e. y = http://www.yahoo.com 
and bla = http://www.somesite.com. The IsTaggedBM function is called every time anything is typed into the browsers 
address bar. This function suffers from an exploitable buffer overflow if 3000 characters is passed to it. Instead of 
doing their own bounds checking, Yahoo relies on the 2083 maximum URL length for Internet Explorer. This object is NOT 
marked safe for scripting.

YShortcut.dll, version 2006.8.15.1 
{67CE97C5-ABE6-429A-B6BD-3BD1333A0825}

Elazar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Yahoo Toolbar YShortcut.dll IsTaggedBM() Buffer Overflow Elazar Broad (Dec 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]