MOAB-20-01-2007: Apple iChat aim:// URL Handler Format String Vulnerability

Published: January 21, 2007, 1:11 am

Apple iChat AIM URI scheme handling is affected by a classic format string vulnerability, allowing remote users to cause a denial of service condition or arbitrary code execution.Further information: Apple iChat aim:// URL Handler Format String VulnerabilityProof of concept: MOAB-20-01-2007.htmlAs contacting the "Heise Security" author of the now infamous, sensationalist accusations (which he promptly spread through Digg and every possible place around, with obvious malicious intent) didn't suffice, we are providing the full logs of the time frame (January 19 from 16:50 to 20:30) in which the Heise people involved in the article were repeatedly running CGI scans (which more than childish is actually purely script kiddie behavior, worth of the most disastrous years of every 12 year old starting in the so called "security scene" at some point) and testing/brute-forcing the URLs for forthcoming releases.Apparently they don't realize that issues

[ Full article ]

Blog link

Rating: 0

Comments