Vulnerability
Becky!
Affected
Becky! 2.00.05
Description
Ichinose Sayo found following. He found Buffer Overflow
vulnerabilities in Becky! Internet Mail 2.00.05. Becky! Internet
Mail is popular MUA (Mail User Agent) designed for Windows
operating systems.
If the message includes over 65536 bytes without new line
characters, the buffer will be overflowed. Buffer overflow also
occurs when attempt to reply or forward to the message included
over 8188 bytes without new line characters.
Successful exploitation of this vulnerability could allow remote
attackers to execute arbitrary commands. Tested Version:
- Becky! Internet Mail ver 2.00.05
- Becky! Internet Mail ver 2.00.03
Web site that shows reproducing this vulnerability is available
from:
http://www.lac.co.jp/security/english/test/becky2.html
Solution
Due to prompt response by the author, the version 2.00.06, which
was fixed this problem, was published.
http://www.rimarts.co.jp/becky.htm
Credits
-- UnKnown --
|