Miranda Instant Messenger with the PopUp Plus plugin is vulnerable to a simple, remotely executable buffer-overflow. Sending around 530 characters in an instant message will result in EIP getting overwritten. Version 2.0.3.8 is tested vulnerable, other versions may also be affected.
9388a6a093a26bd802f38c4619101a03c09b99e55e7f9ff2854a3c79c6f858c0
Title: PopUp Plus plugin for Miranda Instant Messenger Buffer Overflow
Risk: High
Date: 06-04-2005
Publisher: m0fo (editor at sec.org.il)
Vendor: zazoo (zazoo at ua.fm)
URL: <http://miranda-im.org/download/details.php?action=viewfile&id=1170>
http://miranda-im.org/download/details.php?action=viewfile&id=1170.
Miranda Instant Messenger is application that provides several messenger
services like ICQ, MSN, IRC etc.
One of Mirandas' widely used plugins (PopUp Plus), is vulnerable to a buffer
overflow condition.
While the option "Use SmileyAdd Setting" is enabled on the application menu
(Popups > Plus), a remote attacker could trigger the buffer overflow by
sending
roughly 530 characters as an instant message. EIP gets overwritten at 523
chars exactly.
The affected version of the plugin is 2.0.3.8, prior versions may also be
vulnerable.
I tried to get a vendor response (zazoo), however the mail bounced.