Security-Corporation ID : SC-0786
URL : http://www.security-corporation.com/articles-20031126-000.html
Author : dr_insane
Product : Chatzilla 0.9.35
Source Message Contents :
Security :: Advisory - Chatzilla 0.9.35 Multiple buffer overflows
Vulnerable
----------
Chatzilla 0.9.35 and all tested prior versions. The latest version does not appear to be vulnerable.
Affected systems:
-----------------
Windows (all versions)
Mac OS
Impact
------
High. These buffer overflows allow arbitrary code to be executed on the victim's machine.
Details
--------
Chatzilla is an IRC client that ships by default with every version of the Mozilla browser for Windows and Mac OS. The problem is that Chatzilla does not check the length of the server name it is asked to connect to. Sending Chatzilla a server name over 40kb long to connect to allows overwriting of a key variable.
There is also another buffer overflow in the /Nick command. Again, sending about 40kb will crash the system.
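The missing length checks described above, sketched as an added example (not Chatzilla's own code and not part of the original advisory). The function names are hypothetical, the host name limits come from RFC 1035, the nick grammar from RFC 2812, and the 30-character nick cap is an assumed client-side value.

```javascript
// Added example: bounds checks for /server and /nick arguments before the
// value reaches any connection or protocol code. Names are hypothetical.
const MAX_HOSTNAME = 253; // RFC 1035: full host name, in octets
const MAX_LABEL = 63;     // RFC 1035: one dot-separated label
const MAX_NICK = 30;      // assumed client-side cap; RFC 2812 itself allows 9

const byteLen = (s) => new TextEncoder().encode(s).length;

function checkServerName(name) {
  if (typeof name !== "string" || name.length === 0) return "empty server name";
  // Length is checked first so oversized input is rejected before any parsing.
  if (byteLen(name) > MAX_HOSTNAME) return "server name too long";
  for (const label of name.split(".")) {
    if (label.length === 0 || label.length > MAX_LABEL) return "bad label length";
    if (!/^[A-Za-z0-9-]+$/.test(label)) return "illegal character in server name";
  }
  return null; // null means the value passed
}

function checkNick(nick) {
  if (typeof nick !== "string" || nick.length === 0) return "empty nick";
  if (byteLen(nick) > MAX_NICK) return "nick too long";
  // RFC 2812: first char is a letter or special, then letters/digits/specials/"-"
  if (!/^[A-Za-z\[\]\\`_^{|}][A-Za-z0-9\[\]\\`_^{|}-]*$/.test(nick)) {
    return "illegal character in nick";
  }
  return null;
}

// Validate one line of user input such as "/server irc.example.org".
function validateCommand(line) {
  const m = /^\/(\w+)\s+(\S+)/.exec(line);
  if (!m) return { ok: false, reason: "unparsed command" };
  const [, cmd, arg] = m;
  let reason;
  switch (cmd.toLowerCase()) {
    case "server": reason = checkServerName(arg); break;
    case "nick": reason = checkNick(arg); break;
    default: return { ok: true, reason: null }; // other commands not covered here
  }
  return { ok: reason === null, reason };
}
```

IPv6 literals and trailing-dot host names are rejected by this check; a client that needs them would handle those forms separately.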
pr00f of concept exploit:
-------------------------
Get it on: http://members.lycos.co.uk/r34ct/
Solution:
---------
Upgrade to Chatzilla 0.9.45