TITLE:
Encrypted Messenger Denial of Service Weakness

SECUNIA ADVISORY ID:
SA13844

VERIFY ADVISORY:
http://secunia.com/advisories/13844/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
>From remote

SOFTWARE:
Encrypted Messenger 3.x
http://secunia.com/product/4521/

DESCRIPTION:
Adam Baldwin has discovered a weakness in Encrypted Messenger, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

The weakness is caused due to an error in the processing of incoming
messages. This can be exploited to cause the Encrypted Messenger
plug-in to crash by sending a specially crafted message containing
specific characters.

NOTE: The Instant Messenger application will not crash, but only the
affected plug-in.

The weakness has been confirmed on version 3.0.71. Other versions may
also be affected.

SOLUTION:
Deny messages from users not present in the contact list.

PROVIDED AND/OR DISCOVERED BY:
Adam Baldwin

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------