#######################################################################

                             Luigi Auriemma

Application:  Flash Messaging
              http://www.flashmessage.com
Versions:     <= 5.2.0g (rev 1.1.2)
Platforms:    Windows
Bugs:         - server crash
              - unkickable clients
Exploitation: remote, versus server
Date:         07 October 2004
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Flash Messaging is an instant messenger for Windows and uses a
client-server architecture.


#######################################################################

=======
2) Bugs
=======


The network data exchanged between server and clients is composed of
wide chars (16 bits). The server is not able to handle some of these
chars, and the result is the immediate crash of the server.

Another bug (but very minor, just a joke) is that the shutdown command
(and any other available command) that the server can send to users to
immediately terminate their clients is only a command that can be
easily ignored: the connection is not interrupted, so modified clients
can stay connected and continue to chat without problems.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/flashmsg.zip

This proof-of-concept can also act as a client emulator and data
decoder, so it is possible to see any raw data sent by the server and
also to test the "unkickable clients" problem described above.


#######################################################################

======
4) Fix
======


No fix.
No reply from the vendor.


#######################################################################
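
Added example (not part of the original advisory and not the vendor's code): a server-side sketch of the two mitigations the bugs above call for, namely closing the connection itself when kicking a user and dropping a sender whose wide-char data does not decode. The command name, the Server class and the UTF-16LE encoding are assumptions; the advisory does not document the protocol or say which characters trigger the crash.

```python
import socket

KICK_NOTICE = "SHUTDOWN"  # hypothetical command name, not the real protocol


class Server:
    """Session registry in which the server, not the client, ends a session."""

    def __init__(self):
        self.sessions = {}  # user name -> server-side socket

    def add(self, user, sock):
        self.sessions[user] = sock

    def decode(self, user, raw):
        """Decode 16-bit wide chars (assumed UTF-16LE); bad input drops the sender."""
        try:
            if len(raw) % 2:
                raise ValueError("odd byte count for 16-bit characters")
            return raw.decode("utf-16-le", errors="strict")
        except ValueError:  # UnicodeDecodeError is a ValueError subclass
            self.kick(user)  # fail closed instead of letting the server die
            return None

    def kick(self, user):
        """Send the courtesy notice, then close the connection ourselves."""
        sock = self.sessions.pop(user, None)
        if sock is None:
            return False
        try:
            sock.sendall(KICK_NOTICE.encode("utf-16-le"))
            sock.shutdown(socket.SHUT_RDWR)
        except OSError:
            pass  # peer already gone; the socket is still released below
        finally:
            sock.close()
        return True


def demo():
    """Constructed scenario: a client that ignores the notice is still cut off."""
    srv = Server()
    server_side, client = socket.socketpair()
    srv.add("mallory", server_side)
    kicked = srv.kick("mallory")
    notice = client.recv(64).decode("utf-16-le")
    eof = client.recv(64) == b""  # server closed the link: nothing more arrives
    client.close()
    return kicked, notice, eof, "mallory" in srv.sessions
```
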