Secunia Security Advisory - Park Gyu Tae has discovered two vulnerabilities in NateOn Messenger, which can be exploited by malicious people to compromise a vulnerable system.
TITLE:
NateOn Messenger NateonDownloadManager Two Vulnerabilities
SECUNIA ADVISORY ID:
SA16983
VERIFY ADVISORY:
http://secunia.com/advisories/16983/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
NateOn Messenger 3.x
http://secunia.com/product/5299/
DESCRIPTION:
Park Gyu Tae has discovered two vulnerabilities in NateOn Messenger,
which can be exploited by malicious people to compromise a vulnerable
system.
1) The problem is that the NateonDownloadManager ActiveX control
includes the insecure method "Execute()", which allows a malicious
web site to place a malicious file in an arbitrary location on a
user's system.
Successful exploitation allows a malicious web site to overwrite
executable files and execute arbitrary code.
2) A boundary error in the parameter handling in "Execute()" in the
NateonDownloadManager ActiveX control can be exploited to cause a
heap based buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities have been confirmed in version 3.0. Other
versions may also be affected.
SOLUTION:
Disable the NateonDownloadManager control in Microsoft Internet
Explorer (requires Microsoft Windows XP SP2):
Tools->Manage Add-ons...
Set the kill bit for the NateonDownloadManager ActiveX control. This
may affect functionality.
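The "Manage Add-ons" route above disables the control for the current user only, while the kill bit is a machine-wide setting. The following is an added example (not part of the Secunia advisory and not NateOn code) of setting and verifying the kill bit from an elevated PowerShell prompt. The kill bit is the 0x400 flag in the "Compatibility Flags" DWORD under the ActiveX Compatibility key, as documented by Microsoft; the CLSID used here is a placeholder, because the advisory does not list the real CLSID of the NateonDownloadManager control, and must be replaced with the value found under HKCR\CLSID on the affected system.

```powershell
# Added example: set the ActiveX "kill bit" for one control and verify it.
# Not from the advisory. Run from an elevated (Administrator) PowerShell.
# PLACEHOLDER CLSID - the advisory gives no CLSID; look up the real one under
# HKCR\CLSID (e.g. via the control's ProgID) before running this.
$Clsid = '{00000000-0000-0000-0000-000000000000}'

# Bit 0x400 of "Compatibility Flags" tells Internet Explorer never to
# instantiate the control (the "kill bit").
$KillBit = 0x400

$KeyPaths = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
)
# On 64-bit Windows the 32-bit browser reads the Wow6432Node view as well,
# so set the flag in both places.
if ([Environment]::Is64BitOperatingSystem) {
    $KeyPaths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Set-KillBit {
    param([string]$Path)
    if (-not (Test-Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    # Preserve any flags already present; only OR in the kill bit.
    $current = 0
    $existing = Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -ne $existing) { $current = [int]$existing.'Compatibility Flags' }
    New-ItemProperty -Path $Path -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($current -bor $KillBit) -Force | Out-Null
}

function Test-KillBit {
    param([string]$Path)
    # Returns $true only if the key exists and the 0x400 bit is set.
    $p = Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    return ($null -ne $p) -and ((([int]$p.'Compatibility Flags') -band $KillBit) -ne 0)
}

foreach ($path in $KeyPaths) {
    Set-KillBit -Path $path
    if (Test-KillBit -Path $path) {
        Write-Output "Kill bit set: $path"
    } else {
        Write-Output "FAILED to set kill bit: $path"
    }
}
```

Because the flag is OR-ed into any existing value rather than overwritten, other compatibility flags Microsoft or the vendor may have set for the control are kept; Test-KillBit can also be reused on its own to audit whether the mitigation is in place on a fleet.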
PROVIDED AND/OR DISCOVERED BY:
Park Gyu Tae
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------