Threat Analysis

Miranda IM Multiple Buffer Overflow Vulnerabilities

  • Date: October 23, 2007
  • Author: David Wharton

Summary

Multiple buffer overflow vulnerabilities exist in Miranda IM, a popular open source instant messaging client.

Scope:

These vulnerabilities have been verified in the following Miranda IM version(s):

  • 0.6.8
  • 0.7.0

Note: one vulnerability in version 0.6.8 was fixed in version 0.7.0.

Description:

Miranda IM is a popular open source instant messaging client that supports a wide range of protocols. Multiple buffer overflow vulnerabilities have been found in Miranda IM, including a remotely triggered stack based overflow in the section that implements the Yahoo! Messenger protocol. A maliciously crafted Yahoo! Messenger packet could overflow a buffer on the stack and lead to arbitrary code execution.

Recommendations:

Upgrade to version 0.7.1 or later of the Miranda IM client. Also, remote exploitation of the vulnerabilities can be prevented by blocking Yahoo! Messenger traffic on your network.

Credits:

David Wharton is a security researcher with SecureWorks' Research Team and is working on his M.S. in Information Security degree from Georgia Tech.

About SecureWorks:

With over 2,000 clients, SecureWorks is one of the leading managed security services providers in the market. The research and advisory firm, Gartner, Inc., recently positioned SecureWorks in the Leaders quadrant in its Managed Security Services Provider (MSSP) Magic Quadrant for the first half of 2007 and Forrester Research cited SecureWorks as the "MSSP with the largest market share of customers in North America" in their recent Wave report. SecureWorks provides effective security services by leveraging our integrated security management platform, advanced security research, and 100 percent GIAC certified experts. By providing a full breadth of security services, SecureWorks offers fully-managed, co-managed, monitored or self-service security solutions to meet the needs of Fortune 100 companies with large security teams as well as smaller companies with no security expertise. In addition, SecureWorks has helped companies pass over 2,400 compliance audits by providing comprehensive and straight-forward board and examination reports. SecureWorks won SC Magazine's 2007 and 2006 MSSP of the Year award and the 2006 Best Intrusion Prevention award, Frost & Sullivan's 2006 Entrepreneurial Company of the Year award and was named to the Deloitte & Touche, Inc. 500 and Inc. 5000 lists of fastest growing companies for the past three years. Recently, SecureWorks made #92 on Entrepreneur Magazine's list of the Hot 500 fastest growing businesses in the US.

References:

Miranda IM
http://www.miranda-im.org/

Miranda IM v0.7.1 announcement

Official Yahoo! Messenger Site
http://messenger.yahoo.com/

CVE-2007-5542 (affects version 0.6.8 only)
CVE-2007-5543 (affects versions 0.6.8 and 0.7.0)

CVSS Scoring (version 2.0):

Note: this is calculated for the remotely exploitable vulnerabilities only.

  • CVSS Base Score: 8.0
  • Overall CVSS Score: 8.0



Back to more Threat Analyses and Advisories

GET THE LATEST SECURITY UPDATES

Thank you for your submission.

Talk with an Expert

Thank you for submitting the form! We have received your request. A Secureworks team member will contact you within one business day.