[VIM] Vendor ack for Miranda IM PopUp overflow (CAN-2005-1093)
Steven M. Christey
coley at mitre.org
Thu May 19 13:09:29 EDT 2005
Juha-Matti Laurio informed CVE of vendor acknowledgement for the
Miranda IM PopUp overflow (CAN-2005-1093):
"Popup+: remotely exploitable buffer overflow"
http://forums.miranda-im.org/showthread.php?p=9624
"Critical Bug In PopUp Plus Plugin"
http://forums.miranda-im.org/showthread.php?t=1070
The News Column on the vendor front page (http://www.miranda-im.org/)
also has an entry dated 19/04/2005 that says:
Popup+ Remotely exploitable overflow - by Sam K (19/04/2005)
As reported on various security mailing lists - The Popup+ plugin
contains a bug when used with smiley add that lets a remote attack
run arbitrary code from a crafted instant message on any protocol.
Notes:
- PopUp is a plugin for Miranda IM
- the PopUp author is known as "zazoo" but also posted as "nullbie"
on the Miranda IM forums
- Steve
More information about the VIM
mailing list