Jaroslaw Sajko

**Name of the Vulnerable Software and Affected Versions** Gadu-Gadu version 7.20 **Description** The issue allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control. This control can initiate an outgoing phone call and listen to the microphone. **Recommendations** For Gadu-Gadu version 7.20, consider disabling the EasycallLite.oce ActiveX control as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Gadu-Gadu version 7.20 **Description** The issue arises from the improper handling of MS-DOS device names in filenames. This can be exploited by remote attackers in two ways: (1) to cause a denial of service by sending an image filename of `AUX:` twice, which results in a hang, (2) to write to the `LPT1` port via a filename of `LPT1:`. **Recommendations** For Gadu-Gadu version 7.20, consider restricting the use of filenames that contain MS-DOS device names to prevent potential exploitation. Avoid using filenames such as `AUX:` or `LPT1:` to minimize the risk of a denial of service or unauthorized access to the `LPT1` port. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gadu-Gadu version 7.20 **Description** A memory leak issue allows remote attackers to cause a denial of service. This is achieved by sending multiple DCC packets with a code other than 2 and a large size field, which allocates memory for the packet but does not free it after the packet has been dropped. **Recommendations** For Gadu-Gadu version 7.20, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Gadu-Gadu version 7.20 **Description** The issue allows remote attackers to cause a denial of service by sending multiple DCC packets with a code of `6` or `7`. This triggers a large number of popup windows to the user and creates a large number of threads. **Recommendations** For Gadu-Gadu version 7.20, consider disabling the handling of DCC packets with codes `6` or `7` as a temporary workaround until a patch is available. Restrict access to the feature that processes these packets to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Gadu-Gadu version 7.20 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash and configuration loss, by accessing a page with a large number of gg: URIs. **Recommendations** For Gadu-Gadu version 7.20, consider restricting access to pages with multiple gg: URIs to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Gadu-Gadu version 7.20 **Description** The issue is a stack-based buffer overflow that can be triggered by a remote attacker, causing a denial of service (crash). This occurs when an image filename with a length of exactly 192 to 200 characters is used, which does not account for the added "imgcache" string, thus overflowing the buffer. **Recommendations** For Gadu-Gadu version 7.20, as a temporary workaround, consider restricting the length of image filenames to prevent the buffer overflow until a patch is available.

Name of the Vulnerable Software and Affected Versions: Gadu-Gadu versions prior to build 156 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script via a URL. This script is echoed in a popup window that displays a parsing error message. Recommendations: For versions prior to build 156, update to a version later than build 155 to resolve the issue. As a temporary workaround, consider restricting access to URLs that may trigger the popup window displaying the parsing error message.

Name of the Vulnerable Software and Affected Versions: Gadu-Gadu versions build 155 and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This occurs when a message contains an image whose filename does not start with restricted characters. Recommendations: For Gadu-Gadu versions build 155 and earlier, consider restricting the handling of image files with filenames that do not start with restricted characters to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gadu-Gadu (affected versions not specified) **Description** The issue allows remote attackers to bypass the "image send" option by sending a very small image file. This could potentially be used in conjunction with other image-related issues. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Gadu-Gadu (affected versions not specified) Description: A cross-site scripting issue exists in the parser for Gadu-Gadu, allowing remote attackers to inject arbitrary web script or HTML via http:// or news:// URLs. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Gadu-Gadu (affected versions not specified) Description: A directory traversal issue allows remote attackers to read arbitrary files. This is achieved by using .. (dot dot) sequences in a DCC connection with a CTCP packet that contains a 1 as the type and a 4 as the subtype. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Gadu-Gadu (affected versions not specified) Description: The issue is related to a stack-based buffer overflow in the code that handles image sending. This allows remote attackers to execute arbitrary code by providing a large image filename. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.