instant message
proof-of-concept code to demonstrate some of the problems that arise from
the issue reported. The snippets have been arranged according to their
risk level, in increasing order (lower risk first), with the
intention of making this process more self-explanatory. In order for these
snippets to work, they must be sent within the contents of a standard
instant message, but using a client that will not encode message contents
on output:
*Using HTML controls in order to trick victims into revealing sensitive
information or performing harmful actions against their accounts/workstations,
or to force outbound HTTP requests (CSRF).*
Instant Messenger Inspection Vulnerability
+-----------------------------------------
Cisco ASA and Cisco PIX devices are affected by a crafted packet
vulnerability if Instant Messaging Inspection is enabled and the
device is running software versions prior to 7.2(4) on the 7.2.x
release, 8.0(3)10 on the 8.0.x release, or 8.1(1)2 on the 8.1.x
release. Devices running software versions in the 7.0.x and 7.1.x
releases are not vulnerable. Additionally, devices that do not have
Instant Messaging Inspection enabled are not vulnerable.
Vulnerability Description
=====================
The vulnerability occurs as a result of how the SIP client component handles a malformed SIP packet. Either the INVITE or the MESSAGE method will work; MESSAGE is the
SIP method used for Instant Messaging.
After WengoPhone receives a malformed packet without a "Content-Type" header field (we call this the "Missing Content-Type Vulnerability"), it crashes.
Solution
========
Not really.
Vulnerability Description
=====================
The vulnerability occurs as a result of how the SIP client component handles a malformed SIP packet. Either the
INVITE or the MESSAGE method will work; MESSAGE is the SIP method used for Instant Messaging.
After X-Lite receives a malformed packet without a "Content-Type" header field (we call this the "Missing Content-Type Vulnerability"),
it crashes.
Solution
BZIP2, Unix/Linux ZIP, LZH, etc.
Network/Applications Controlled
* Email: Microsoft Outlook, Lotus Notes and SMTP Email
* Web mail: MSN/Hotmail, Yahoo, GMail, AOL Mail, and more
* Instant Messaging: MSN, AIM, Yahoo, and more
* Network Protocols: FTP, HTTP/HTTPS and SMTP
Endpoint Devices Controlled
* USB, CD/DVD, COM & LPT ports, removable disks, floppy, infrared and
imaging devices, print screen, modems, PCMCIA
#######################################################################
Luigi Auriemma
Application: Ipswitch Instant Messaging
http://www.ipswitch.com/products/instant_messaging
Versions: <= 2.0.8.1
Platforms: Windows
Bugs: A] pre-auth NULL pointer crash in decryption function
B] format string in logging
ICQ 6.5 HTML-injection vulnerability
BACKGROUND
With more than 700 million instant messages sent and received every day, ICQ has been known to the online community as a messaging service. Today, a little more than a decade after the first ICQ instant messaging service was launched it has become much more than just that.
ICQ is a personal communication tool that allows users to meet and interact through instant messaging services such as text, voice, video and VoIP as well as various entertainment and community products.
Source: http://www.icq.com
VULNERABLE PRODUCTS
performing arbitrary actions on the victim's behalf, and logging their
keystrokes.
Users can be induced to issue the attacker's crafted request in various ways.
For example, an attacker can send the victim a link containing a
malicious URL in an email or instant message, or alternatively submit the
link to popular web applications that don't escape HTML characters such
as <>'\().
An example is the following:
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
Pidgin is an instant messaging program that supports a number of protocols (MSN, ICQ, AIM).
There is also a Pidgin 2.4.2 version, which was not available for this test, so I cannot say whether it is also vulnerable.
------------------------------------------------------
Vulnerability
Debian-specific: no
CVE Id(s) : CVE-2010-0420 CVE-2010-0423
Debian Bug : 566775 579601
The packages for Pidgin released as DSA 2038-1 had a regression, as they
unintentionally disabled the Zephyr instant messaging protocol. This
update restores Zephyr functionality. For reference, the original
advisory text follows.
Several remote vulnerabilities have been discovered in Pidgin, a multi
protocol instant messaging client. The Common Vulnerabilities and
The most important bug is the directory traversal (1) bug for the Flash
Notes feature of the Timbuktu Pro client.
Timbuktu Pro is able to send Flash Notes (like an instant message) and
attach files to those notes. Both the message (which will be written to
a text file once received by the target) and the files attached to the
note are transferred to a temporary folder in the target installation
folder (default path is C:\Program Files\Timbuktu Pro\). The file
transfer begins and it is unnoticed by the target user. Once the
Finally, let me explain how I personally use virtual machines to put this
all in context of why I think this is important. I use Windows Vista as my
host machine, logged in as a non-admin user. I am typing this e-mail--also
as a non-admin user--in a Windows XP virtual machine dedicated to instant
messaging and e-mail. On another monitor I have a VM running Windows 2003 as
a domain controller (btw, you need the client utilities on domain
controllers to keep the clock correct) where I am logged in as an
administrator, but the screen saver is password-protected and I lock the
console anyway when I am finished using it. On that machine I have a number
of admin and networking tools installed. Finally, I have yet another Windows
What is Exomind?
Exomind is an experimental Python console and programmatic framework for
building decorated graphs and developing open-source intelligence
modules and ideas, centered on social network services, search engines
and instant messaging.
Tool:
http://corelabs.coresecurity.com/index.php?module=FrontEndMod&action=view&type=tool&name=Exomind
BA-Con 2008 slides:
Exploitation allows an attacker to execute arbitrary code in the context
of a user opening a malicious presentation using Microsoft PowerPoint
Viewer 2003. In order to exploit this vulnerability, an attacker must
persuade, or otherwise force, a targeted user to open such a document.
This could be accomplished using a direct URL, an e-mail, an instant
message, or even by hijacking a trusted site.
IV. DETECTION
iDefense has confirmed that pptview.exe file version 11.0.5703.0 and
file version 11.0.6566.0, as included in Microsoft Office 2003 SP2, are
The Miranda IM instant messaging software silently falls back to
unencrypted connections if a Jabber/XMPP server does not report that it
supports TLS, even if "Use TLS" is checked. This allows an active
attacker to perform MitM attacks on Jabber/XMPP connections which the
user assumes to be secure.
Proof of concept MitM server attached.
Miranda IM team was notified via bugtracker. Issue was closed without
being fixed, probably because of confusion with another, similar issue
providing encrypted and authenticated communications over an insecure
medium such as the Internet. The SILC application of the same name
implements the protocol as an open source project. SILC is generally
used as a more secure replacement for Internet Relay Chat (IRC) networks
and other open and publicly accessible as well as private instant
messaging networks. A remote buffer overflow vulnerability found in a
library used by both the SILC server and client to process packets
containing cryptographic material may allow an un-authenticated client
to execute arbitrary code on the server with the privileges of the user
account running the server, or a malicious SILC server to compromise
client systems and execute arbitrary code with the privileges of the
I. BACKGROUND
----------------------
Novell GroupWise is a complete collaboration software solution that
provides information workers with e-mail, calendaring, instant
messaging, task management, and contact and document management
functions. The leading alternative to Microsoft Exchange, GroupWise
has long been praised by customers and industry watchers for its
security and reliability.
http://www.novell.com/products/groupwise/
disclosure, or Denial of Service.
Background
==========
Pidgin is a client for a variety of instant messaging protocols.
Affected packages
=================
-------------------------------------------------------------------
tested against IE8b/xp sp3
9sg site: http://retrogod.altervista.org/
software site: http://www.oovoo.com/
description: ooVoo is a startup video conferencing and instant messaging
application, similar to Skype Video.[1] ooVoo allows video chats with up to 6
participants, and unlike Skype Video, does not use a P2P network.[..]
faultmon dump of oovoo.exe processing the url given:
...
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
It was discovered that the Gadu library, used by some Instant Messaging
clients, did not correctly verify certain packet sizes from the server.
If a user connected to a malicious server, clients using Gadu could be
made to crash, leading to a denial of service.
Nine:Situations:Group::SnoopyAssault
site: http://retrogod.altervista.org/
exploit url: http://retrogod.altervista.org/9sg_c6_download_exec.html
"C6 Messenger is an instant messaging program produced by Telecom Italia Group,
specifically by Alice (distribution), Icon Spa (development, design and server)
and Opendoc (graphics). It is the only instant messenger entirely produced in
Italy, is a free program, allows you to chat in real time with friends[..]"
installation urls:
spoofing.
Background
==========
Pidgin (formerly Gaim) is an instant messaging client for a variety of
instant messaging protocols. It is based on the libpurple instant
messaging library.
Affected packages
=================
* Browsing to a web-site that contains the malicious content
* HTML that is embedded in e-mail messages
* HTML that is delivered via instant messaging applications
WebEx Upgrade Timeline
+---------------------
Upgrades from WBS 23 versions to WBS 26 are expected to be complete
Synopsis
========
A buffer overflow in TMSNC might lead to the execution of arbitrary
code when processing an instant message.
Background
==========
TMSNC is a text-based client for the MSN instant messaging protocol.
-------------------
The SonicWALL Global Security Client offers IT professionals the
capability to manage a mobile user’s online access, based upon corporate
policies, in order to ensure optimal security of the network and
maximize network resources. Instant messaging, high-risk Web sites and
network file access can all be allowed or disallowed as security and
productivity concerns dictate.
[source:
http://www.sonicwall.com/downloads/DS_GlobalSecurityClient_A4.pdf]
CVE Name: CVE-2009-2694
3. *Vulnerability Description*
Pidgin (formerly named Gaim) is a multi-platform instant messaging
client, based on a library named libpurple. Libpurple has support for
many commonly used instant messaging protocols, allowing the user to log
into various different services from one application.
A remote arbitrary-code-execution vulnerability has been found in
Overview:
Lotus Domino is a client/server product designed for collaborative
working environments. Domino is designed for e-mail, scheduling,
instant messaging and data-driven applications.
There exists a vulnerability in the way memory-mapped files are
used under Windows. The result is that if the Lotus Notes
Client is used in a Microsoft Terminal Services or Citrix
environment, users can read each other's Lotus Notes session data
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 30, 2007
I. BACKGROUND
Yahoo! Messenger is an instant messaging application that allows users to
chat online, share files, conduct PC to PC calls and more. More
information can be found on the vendor's site at the following URL.
http://messenger.yahoo.com/
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-2694
Federico Muttis discovered that libpurple, the shared library that adds
support for various instant messaging networks to the pidgin IM client, is
vulnerable to a heap-based buffer overflow. This issue exists because of
an incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can
exploit this by sending two consecutive SLP packets to a victim via MSN.
The first packet is used to create an SLP message object with an offset of