7/30/2007

CAL-20070730-1 BlueSkyCat ActiveX Remote Heap Overflow vulnerability

CAL-20070730-1 BlueSkyCat ActiveX Remote Heap Overflow vulnerability

BACKGROUND:
===========

BlueSkychat is a professional voice and video chat software widely used
by large chat websites in china.

DESCRIPTION:
============

Code Audit Labs Code Audit for BlueSkyCat ActiveX Control and discovered
a vulnerability .

Remote exploitation of a buffer overflow in an ActiveX control
distributed
with Bluesky.cn could allow for the execution of arbitrary code.

When Blueskychat are installed, they register the following ActiveX
control on the system:

ProgId: V2.V2Ctrl.1
ClassId: 2EA6D939-4445-43F1-A12B-8CB3DDA8B855
File: v2.ocx

This control contains a buffer overflow in its ConnecttoServer() method.

This is a clent side vulnerability. So the clients of following chat
servers which install the affected BlueSkyCat software are affected.
bliao http://www.bliao.com
qqliao http://www.qqliao.com
7liao http://www.7liao.com
haoliao http://www.haoliao.net
51liao http://chat.51liao.net
heshang http://www.heshang.net
xicn http://vchat.xicn.net
CN104 http://www.cn104.com
liao-tian http://www.liao-tian.com
aliao http://www.aliao.net
kuailiao http://www.kuailiao.com
mtliao http://www.mtliao.com
pj0427 http://www.pj0427.com
uighur http://chat.uighur.cn
wmliao http://www.wmliao.com

see full report:

english


chinese

1 comment:

Anonymous said...

thanks for sharing this site. there are various kinds of ebooks available from here

http://feboook.blogspot.com