https://www.exploit-db.com/exploits/23876
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200403-103

PicoPhone是一款Internet电话聊天应用程序。PicoPhone的日志记录函数存在缓冲区溢出，远程攻击者可以利用这个漏洞以进程权限在系统上执行任意指令。PicoPhone默认包含日志记录功能，可让用户记录所有来电和消息，这个函数在存储数据到缓冲区时缺少充分的边界缓冲去检查，可导致缓冲区溢出，精心构建提交数据可能以进程权限在系统上执行任意指令。

source: http://www.securityfocus.com/bid/9969/info

It has been reported that Picophone is prone to a remote buffer overflow vulnerability. This issue is due to the application failing to verify the size of user input before storing it in a finite buffer.

Successful exploitation of this issue will cause a denial of service condition to be triggered. The attacker may also leverage this issue to execute arbitrary code; this code would be executed in the security context of the user running the affected process.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23876.zip

来源:XF
名称:picophone-logging-function-bo(15595)
链接:http://xforce.iss.net/xforce/xfdb/15595
来源:BID
名称:9969
链接:http://www.securityfocus.com/bid/9969
来源:SECTRACK
名称:1009551
链接:http://securitytracker.com/id?1009551
来源:SECUNIA
名称:11209
链接:http://secunia.com/advisories/11209
来源:aluigi.altervista.org
链接:http://aluigi.altervista.org/adv/picobof-adv.txt
来源:OSVDB
名称:4550
链接:http://www.osvdb.org/4550
来源:BUGTRAQ
名称:20040324BufferoverflowinPicoPhone1.63
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108016032220647&w;=2