Novell Messenger Client Contact File Processing Buffer Overflow Vulnerability

ID: IRCAD2012021747
Release Date: 2012-02-21
Criticality level: Highly critical
Software: Novell Messenger Client 2.x
 
Description:
Luigi Auriemma has discovered a vulnerability in Novell Messenger Client, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error when processing the "name" value of a "folder" tag. This can be exploited to cause a stack-based buffer overflow via a specially crafted contact list file.
Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening or importing a malicious file.
The vulnerability is confirmed in version 2.1.0. Other versions may also be affected.
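
The kind of bounds check whose absence produces the boundary error described above, as an added illustration that is not Novell's code and not part of the original advisory: a C routine that measures the "name" value of a "folder" tag before copying it into a fixed-size stack buffer. The XML-like tag syntax, the 64-byte buffer size and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define FOLDER_NAME_MAX 64 /* assumed destination size, not from the advisory */

enum { NAME_OK = 0, NAME_MISSING = -1, NAME_TOO_LONG = -2 };

/* Copy the name="..." value of one <folder ...> tag into out[out_len].
 * The value is measured before any byte is written, so an oversized name
 * is rejected instead of running past the end of the buffer. */
int copy_folder_name(const char *tag, char *out, size_t out_len)
{
    static const char key[] = " name=\"";
    const char *start, *end;
    size_t len;

    if (out_len == 0) return NAME_TOO_LONG;
    out[0] = '\0';
    if (strncmp(tag, "<folder", 7) != 0) return NAME_MISSING;
    if ((start = strstr(tag, key)) == NULL) return NAME_MISSING;
    start += sizeof(key) - 1;
    if ((end = strchr(start, '"')) == NULL) return NAME_MISSING; /* unterminated */
    len = (size_t)(end - start);
    if (len >= out_len) return NAME_TOO_LONG; /* keep room for the NUL */
    memcpy(out, start, len);
    out[len] = '\0';
    return NAME_OK;
}

/* Build a constructed tag with an n-byte name and run it through the check. */
int try_name_of_length(size_t n)
{
    char tag[512], name[FOLDER_NAME_MAX];
    int off;

    if (n > sizeof(tag) - 32) return NAME_MISSING; /* sample would not fit */
    off = snprintf(tag, sizeof(tag), "<folder name=\"");
    memset(tag + off, 'A', n);
    memcpy(tag + off + n, "\">", 3);
    return copy_folder_name(tag, name, sizeof(name));
}

int main(void)
{
    printf("10-byte name:  %d\n", try_name_of_length(10));
    printf("63-byte name:  %d\n", try_name_of_length(63));
    printf("64-byte name:  %d\n", try_name_of_length(64));
    printf("300-byte name: %d\n", try_name_of_length(300));
    return 0;
}
```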
 
Solution:
Do not open or import contact list files from untrusted sources.
 
Sources:
 
Secunia: