TITLE:
NateOn Messenger NateonDownloadManager Two Vulnerabilities

SECUNIA ADVISORY ID:
SA16983

VERIFY ADVISORY:
http://secunia.com/advisories/16983/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
NateOn Messenger 3.x
http://secunia.com/product/5299/

DESCRIPTION:
Park Gyu Tae has discovered two vulnerabilities in NateOn Messenger, which can be exploited by malicious people to compromise a vulnerable system.

1) The NateonDownloadManager ActiveX control exposes the insecure method "Execute()", which allows a malicious web site to place a malicious file in an arbitrary location on a user's system.

Successful exploitation allows a malicious web site to overwrite executable files and execute arbitrary code.

2) A boundary error in the parameter handling in "Execute()" in the NateonDownloadManager ActiveX control can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities have been confirmed in version 3.0. Other versions may also be affected.

SOLUTION:
Disable the NateonDownloadManager control in Microsoft Internet Explorer (requires Microsoft Windows XP SP2):
Tools->Manage Add-ons...

Set the kill bit for the NateonDownloadManager ActiveX control. This may affect functionality.

PROVIDED AND/OR DISCOVERED BY:
Park Gyu Tae

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.
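Setting the kill bit that the SOLUTION section recommends, as an added example that is not part of the Secunia advisory: a PowerShell script that ORs the Internet Explorer COMPAT_EVIL_DONT_LOAD flag (0x400) into the ActiveX Compatibility key for a control's CLSID and then verifies it. The advisory does not give the NateonDownloadManager CLSID, so the CLSID below is a placeholder; the registry path and the 0x400 flag are the documented Internet Explorer kill-bit mechanism.

```powershell
# Added example, not part of the Secunia advisory. Sets the Internet Explorer kill bit
# for an ActiveX control, the mitigation the SOLUTION section recommends. Run elevated.

# PLACEHOLDER: the advisory does not give the NateonDownloadManager CLSID. Locate it under
# HKLM:\SOFTWARE\Classes\CLSID (e.g. by the control's ProgID or InprocServer32 DLL) first.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'
$KillBit = 0x400   # COMPAT_EVIL_DONT_LOAD: IE refuses to instantiate the control

# 64-bit Windows keeps a second registry view for 32-bit IE under Wow6432Node; set both.
$Keys = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
if ([Environment]::Is64BitOperatingSystem) {
    $Keys += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

foreach ($Key in $Keys) {
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }

    # OR the kill bit into any existing value so other compatibility flags on the control
    # are preserved instead of overwritten ($null -bor 0x400 yields 0x400 when none exist).
    $existing = (Get-ItemProperty -Path $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = [int]($existing -bor $KillBit)
    Set-ItemProperty -Path $Key -Name 'Compatibility Flags' -Value $new -Type DWord

    # Verify the bit actually landed; a missing or mistyped value leaves the control loadable.
    $flags = (Get-ItemProperty -Path $Key -Name 'Compatibility Flags').'Compatibility Flags'
    if (($flags -band $KillBit) -eq $KillBit) {
        Write-Output ("Kill bit set at {0} (Compatibility Flags = 0x{1:X})" -f $Key, $flags)
    } else {
        Write-Error ("Kill bit NOT set at {0}" -f $Key)
    }
}
```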