Threat Center Security News POP Peeper can trigger remote buffer overflow
POP Peeper can trigger remote buffer overflow Print E-mail
Written by Rebecca Mints   
Thursday, 12 March 2009 01:12

Security experts from Krakow Labs Research recently announced a new vulnerability found in the email application POP Peeper.

Krakow Labs also said that an exploit has already been made public to trigger the vulnerability.

POP Peeper is an application that runs in your Windows task bar used to notify you of new email by setting off alerts. It has an IMAP support to allow access to AOL, AIM, Juno and Netscape and other services. POP Peeper scans through your POP3, IMAP, and other email accounts to let you know if a new message has arrived. It also allows users to view messages in rich or plain text or in HTML.

In the security advisory issued last week, Krakow Labs said that POP Peeper's vulnerability is only exploitable on the client side.

A description of the vulnerability was stated in the advisory as follows: “A vulnerable POP Peeper user must connect to an exploitation server and attempt to use retrieved mail to be affected.”

The vulnerability can be triggered by connecting the POP Peeper to an exploitation server acting as a POP3 daemon. The remote buffer overlow results when the exploitation server send an oversized ID (1040 bytes) which causes the buffer on the stack to overflow, with the attacker controlling the whole process.

Details of the exploit for this vulnerability can be viewed in http://www.krakowlabs.com/dev/exp/KL0209EXP-poppeeper_uidl-bof.pl.txt. This exploit code has been tested in Windows XP Professional with SP 3 on x86 Architecture.

No patch has been released as yet for the POP Peeper vulnerability and users are advised not to connect to untrusted POP3 servers until a new release is made available.

 

 

 

WTW Threat Level