IndiaTimes Instant Messenger ActiveX RenameGroup Function Overflow
Medium Nessus Network Monitor Plugin ID 3199
SynopsisThe remote host is vulnerable to a buffer overflow.
DescriptionThe remote host is running IndiaTimes Instant Messaging client. IndiaTimes allows users to consolidate ICQ, Yahoo, AIM and MSN messengers into a single GUI console. This version of IndiaTimes is vulnerable to a remote buffer overflow. An attacker exploiting this flaw would need to be able to convince a user to browse to a malicious website and execute a malicious ActiveX control. Successful exploitation would lead to the attacker executing arbitrary code on the remote system.
SolutionNo solution is known at this time.