QIP 2005 Malformed Rich Text Message 远程拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117344 漏洞类型 资源管理错误
发布时间 2009-02-04 更新时间 2009-03-06
CVE编号 CVE-2009-0769 CNNVD-ID CNNVD-200903-158
漏洞平台 Multiple CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/32774
https://cxsecurity.com/issue/WLB-2009020014
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-158
|漏洞详情
QIP2005build8082版本远程攻击者可以借助一个特制的RichTextFormat(RTF)ICQ信息,例如一个{\rtf\pict\&&}信息,以造成拒绝服务(CPU损耗和应用程序悬挂)。注意:该漏洞可能存在于SergeyTkachenkoTRichView中。如果是这样的话,那么它应该作为QIP中的一个漏洞来处理。
|漏洞EXP
source: http://www.securityfocus.com/bid/33609/info

QIP 2005 is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to hang and consume excessive computer resources, denying service to legitimate users.

NOTE: This issue may occur in a third-party component used by QIP 2005, but this has not been confirmed.

This issue affects QIP 2005 build 8082; other versions may also be vulnerable.

{\rtf\pict\&&}
|参考资料

来源:BID
名称:33609
链接:http://www.securityfocus.com/bid/33609
来源:BUGTRAQ
名称:20090204QIP2005DenialofServiceVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/500656/100/0/threaded
来源:OSVDB
名称:51755
链接:http://www.osvdb.org/51755
来源:SECUNIA
名称:33851
链接:http://secunia.com/advisories/33851