0day Today Exploits Market and 0day Exploits Database

LAN Messenger v1.2.28 - Persistent Software Vulnerability

Author: Benjamin K.M.
Risk: Security Risk Medium
0day-ID: 0day-ID-18281
Category: local exploits
Date added: 16-05-2012
Platform: windows
Title:
======
LAN Messenger v1.2.28 - Persistent Software Vulnerability

Common Vulnerability Scoring System:
====================================
7.5


Introduction:
=============
LAN Messenger is a free and open source cross-platform instant messaging application for communication over a 
local network. It does not require a server. A number of useful features including event notifications, file transfer 
and message logging are provided.

(Copy of the Website: http://lanmsngr.sourceforge.net )

Details:
========
A persistent software vulnerability is detected in LAN Messenger v1.2.28. The bug is located in the profile display 
& nickname validation of the software. The vulnerability allows a remote attacker to inject malicious script code through the 
profile. The code is executed when the attacker writes the victim a message: the vulnerable nickname input is rendered, and 
executed, as output of the messagebox when a message is processed. Successful exploitation can lead to persistent hijacking, 
external malicious redirects, and persistent script code execution to compromise the connected network client system.

Vulnerable Module(s):
				[+] Username as seen by Contacts - Messagebox Display & Input
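
An added example (not code from LAN Messenger or from the advisory) of the defensive pattern for this class of flaw: validate the nickname on input and encode every peer-controlled field on output. The markup produced by `renderMessageUnsafe`, the 32-character limit and all function names are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Hypothetical helper: encode text for inclusion in HTML / rich-text output.
std::string escapeHtml(const std::string& in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Hypothetical input check: bounded length, no control characters, no markup delimiters.
bool isValidNickname(const std::string& nick) {
    if (nick.empty() || nick.size() > 32) return false;  // limit is an assumption
    for (unsigned char c : nick) {
        if (c < 0x20 || c == 0x7f || c == '<' || c == '>' || c == '&') return false;
    }
    return true;
}

// Assumed shape of the flaw: the peer-supplied nickname is concatenated into markup unencoded.
std::string renderMessageUnsafe(const std::string& nick, const std::string& text) {
    return "<div class=\"msg\"><b>" + nick + ":</b> " + text + "</div>";
}

// Hardened form: encoding happens at the point of output, so a profile that
// slipped past input validation (or came from an older peer) is still inert.
std::string renderMessageSafe(const std::string& nick, const std::string& text) {
    return "<div class=\"msg\"><b>" + escapeHtml(nick) + ":</b> " + escapeHtml(text) + "</div>";
}

int main() {
    const std::string nick = "<u>eve</u>";  // constructed sample nickname containing markup
    std::cout << renderMessageUnsafe(nick, "hi") << "\n"
              << renderMessageSafe(nick, "hi") << "\n"
              << std::boolalpha << isValidNickname(nick) << "\n";
    return 0;
}
```

Input validation alone is not sufficient here because the nickname arrives from other clients on the network; the output encoding is the control that protects the receiving side.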

Risk:
=====
The security risk of the persistent remote web vulnerability is estimated as high.


