Easy Chat Server Authentication Request Buffer Overflow

Added: 08/03/2009

Background

Easy Chat Server is a web-based chat server for Microsoft Windows.

Problem

The server is vulnerable to a remote buffer overflow that can be triggered by sending a specially crafted password parameter to chat.ghp.

Resolution

Easy Chat Server 2.2 and earlier are vulnerable. Contact the vendor at support@echatserver.com for information on when a fix will be available.
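
While no fix is available, requests to chat.ghp can be screened in front of the server for oversized or non-printable password values. The following is an added example, not part of the original advisory or the vendor's code. The literal field name `password`, the 64-character limit and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

TARGET = "chat.ghp"   # request target named in the advisory
FIELD = "password"    # assumed literal field name for the password parameter
MAX_LEN = 64          # assumed local policy limit, not a vendor-documented value


def password_values(raw_request: bytes):
    """Yield password values from the query string and a form-encoded body."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) < 2:
        return
    url = urlsplit(parts[1])
    if url.path.rsplit("/", 1)[-1].lower() != TARGET:
        return
    for source in (url.query, body.decode("latin-1")):
        for key, value in parse_qsl(source, keep_blank_values=True, encoding="latin-1"):
            if key.lower() == FIELD:
                yield value


def inspect(raw_request: bytes):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    for value in password_values(raw_request):
        if len(value) > MAX_LEN:
            findings.append(f"password length {len(value)} exceeds {MAX_LEN}")
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            findings.append("password contains non-printable bytes")
    return findings


# Constructed sample requests (not captured traffic).
NORMAL = b"GET /chat.ghp?password=hunter2 HTTP/1.1\r\nHost: chat.example\r\n\r\n"
OVERLONG = b"GET /chat.ghp?password=" + b"A" * 300 + b" HTTP/1.1\r\nHost: chat.example\r\n\r\n"
POSTED = b"POST /chat.ghp HTTP/1.1\r\nHost: chat.example\r\n\r\npassword=" + b"B" * 200
OTHER = b"GET /index.htm?password=" + b"C" * 300 + b" HTTP/1.1\r\nHost: chat.example\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("normal", NORMAL), ("overlong", OVERLONG), ("posted", POSTED), ("other", OTHER)):
        print(name, inspect(req))
```

The same length and character checks can be expressed as a rule in a reverse proxy or IDS; the limit should be set from the longest password the deployment legitimately accepts.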

References

http://milw0rm.com/exploits/8142
http://securitytracker.com/alerts/2009/Mar/1021785.html

Limitations

The exploit works on Easy Chat Server 2.2 on Windows 2000 and Windows 2003.

Platforms

Windows
