exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

POP Peeper 3.4.0.0 Buffer Overflow Vulnerability

POP Peeper 3.4.0.0 Buffer Overflow Vulnerability
Posted Mar 12, 2009
Authored by Jeremy Brown | Site krakowlabs.com

POP Peeper version 3.4.0.0 is vulnerable to a remote buffer overflow vulnerability. This vulnerability is exploitable on the client side. A vulnerable POP Peeper user must connect to an exploitation server and retrieve mail to be affected.

tags | advisory, remote, overflow
SHA-256 | 7e864726d86e126383c7e331e2a51f140bb51683dad50c8f9835cb3ffb508365

POP Peeper 3.4.0.0 Buffer Overflow Vulnerability

Change Mirror Download
KL0309ADV-poppeeper_date-bof.txt
03.12.2009

Krakow Labs Research [www.krakowlabs.com]
POP Peeper 3.4.0.0 Date Remote Buffer Overflow Vulnerability

-------------------------------------------------------------------------------------------------------------------------

======================
BACKGROUND INFORMATION
======================

"POP Peeper is an email notifier that runs in your Windows task bar and alerts you when you have new email on your
POP3, IMAP (with IDLE support), Hotmail\MSN\LiveMail, Yahoo, GMail, Mail.com, MyWay, Excite, iWon, Lycos.com, RediffMail,
Juno and NetZero accounts. IMAP supports allows you to access AOL, AIM, Netscape and other services. Send mail directly
from POP Peeper and use the address book to email your frequently used contacts. POP Peeper allows you to view messages
using HTML or you can choose to safely view all messages in rich or plain text. Several options are available that will
decrease or eliminate the risks of reading your email (viruses, javascript, webbugs, etc). POP Peeper can be run from a
portable device and can be password protected. Many notification options are availble to indicate when new mail has
arrived, such as sound alerts (configurable for each account), flashing scroll lock, skinnable popup notifier, customized
screensaver and more."

Source: http://www.poppeeper.org

-------------------------------------------------------------------------------------------------------------------------

=========================
VULNERABILITY DESCRIPTION
=========================

POP Peeper is vulnerable to a remote buffer overflow vulnerability. This vulnerability is exploitable on the client side.
A vulnerable POP Peeper user must connect to an exploitation server and retrieve mail to be affected.

-------------------------------------------------------------------------------------------------------------------------

=================
TECHNICAL DETAILS
=================

To trigger this vulnerability, POP Peeper has to connect to an exploitation server acting as a POP3 daemon. The exploitation
server can send an oversized "Date" header (292 bytes) along with an email message, overflowing a buffer on the stack, giving
the attacker complete control over the process. Other headers may also be affected.

-------------------------------------------------------------------------------------------------------------------------

=================
PRODUCTS AFFECTED
=================

POP Peeper 3.4.0.0 was confirmed vulnerable. All versions of below 3.4.0.0 and are suspected vulnerable as well.

-------------------------------------------------------------------------------------------------------------------------

============
EXPLOITATION
============

An exploit has been made public to trigger this vulnerability.

http://www.krakowlabs.com/dev/exp/KL0309EXP-poppeeper_date-bof.pl.txt

The exploit code has been tested in the following environment(s):

Windows XP Professional with Service Pack 3 on x86 Architecture

Result: SUCCESS

-------------------------------------------------------------------------------------------------------------------------

===========
WORKAROUNDS
===========

The vendor has fixed this vulnerability but has not issued an updated version at the time of this advisory. We suggest
POP Peeper users do not connect to untrusted POP3 servers until a new release is available that remedies this vulnerability.

------------------------------------------------------------------------------------------------------------------------

=======
CREDITS
=======

rush@KL (Jeremy Brown) [rush@krakowlabs.com] is credited with the discovery and research of this vulnerability.
rush@KL (Jeremy Brown) [rush@krakowlabs.com] is credited with the development of exploit code for this vulnerability.

-------------------------------------------------------------------------------------------------------------------------

==========
DISCLAIMER
==========

Krakow Labs assumes no liability for the use or misuse of any or all information contained in this document or information
available at or referring to this document. Any or all information contained in this document or available at or referring to
this document is not misleading and all information provided by Krakow Labs in this document is accurate to the best knowledge
of Krakow Labs. This document can be published and/or reproduced as long as the document's data is left unchanged. Krakow Labs
may be accessed via krakowlabs.com for more information, personal reference, or other agendas supporting Krakow Labs.

Associated Files & Information:
http://www.krakowlabs.com/res/adv/KL0309ADV-poppeeper_date-bof.txt
http://www.krakowlabs.com/dev/exp/KL0309EXP-poppeeper_date-bof.pl.txt
http://www.krakowlabs.com/dev/exp/KL0309EXP-poppeeper_date-bof.jpeg
KL0309ADV-poppeeper_date-bof.txt
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close