Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability

2007-11-23 Thread j00ru . vx
y the GG users. What is more, there are a number of people downloading new sets of emoticons, and a great part of them don't check the configuration file contents. IMO a nasty exploit would spread pretty easily, after all. 3. What do you mean by asking "how much bytes can you parse"? Regards, j00ru//vx

Gadu-Gadu Local/Remote Buffer Overflow vulnerability

2007-11-22 Thread j00ru . vx
Team Vexillium Security Advisory
http://vexillium.org/

Name : Gadu-Gadu
Class : Buffer Overflow
Threat level : VERY HIGH
Discovered : 2007-11-10
Published : 2007-11-22
Credit : j00ru//vx
Vulnerable : Gadu-Gadu 7.7 [Build 3669], prior versions may also be

A little advisory content correction.

2007-09-18 Thread j00ru . vx
There is a small mistake in the line: readme.txt /../../../../../../../../asdf.exe This filename originally looks like: readme.txt <40 spaces here> /../../../../../../../../asdf.exe What I mean is that only the "readme.txt" part of the path is visible to the user, and the directory traversal st

WinImage 8.10 vulnerabilities

2007-09-17 Thread j00ru . vx
Team Vexillium Security Advisory
http://vexillium.org/

Name : WinImage 8.10 Multiple Vulnerabilities
Class : Denial of Service and Directory Traversal
Threat level : LOW (DoS), MED (Dir. traversal vuln)
Discovered : 2007-08-31
Published : 2007-09-15
Credit : j00ru//vx