#16
25.02.06, 18:33:49
Lord_Pinhead

Just got this in by mail:

TITLE:
The Bat! Email Subject Header Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA18989

VERIFY ADVISORY:
http://secunia.com/advisories/18989/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
The Bat! 3.x
http://secunia.com/product/7150/

DESCRIPTION:
Nemesis Security Audit Group has discovered a vulnerability in The
Bat!, which potentially can be exploited by malicious people to
compromise a user's system.

The vulnerability is caused due to a boundary error within the
parsing of the email subject header. This can be exploited to cause a
unicode stack-based buffer overflow via a specially-crafted email
message with an overly long subject.

The vulnerability has been confirmed in version 3.60.07. Other
versions may also be affected.

SOLUTION:
Update to version 3.71.03.
http://www.ritlabs.com/en/products/thebat/download.php

PROVIDED AND/OR DISCOVERED BY:
Nemesis Security Audit Group

ORIGINAL ADVISORY:
http://www.nsag.ru/vuln/953.html

----------------------------------------------------------------------

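An added example, not part of the original post or the Secunia advisory: a mail-gateway style check that measures the Subject header after unfolding and RFC 2047 decoding, since the advisory ties the overflow to an overly long subject. The threshold, the function names, the choice to count UTF-16 code units and the sample messages are assumptions constructed for illustration; the advisory states no trigger length.

```python
import base64
from email import message_from_bytes, policy

# Assumed alert threshold, in UTF-16 code units. The advisory gives no trigger
# length; 998 is the RFC 5322 limit for a single physical line.
MAX_SUBJECT_UNITS = 998

def subject_report(raw):
    """Measure each Subject header of one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = []
    for value in msg.get_all("Subject", []):
        text = str(value)  # unfolded, RFC 2047 encoded-words decoded
        # Assumption: a Windows client holds the decoded subject as wide chars.
        units = len(text.encode("utf-16-le", "surrogatepass")) // 2
        report.append({"chars": len(text), "utf16_units": units,
                       "oversized": units > MAX_SUBJECT_UNITS})
    return report

def is_suspicious(raw):
    """True if any Subject header decodes to more than MAX_SUBJECT_UNITS."""
    return any(item["oversized"] for item in subject_report(raw))

def longest_line(raw):
    """Longest physical line, the only thing a naive per-line check sees."""
    return max(len(line) for line in raw.split(b"\r\n"))

# --- constructed sample messages (not taken from any real mail) ---
SAMPLE_OK = b"From: a@example.org\r\nSubject: weekly\r\n report\r\n\r\nbody\r\n"
SAMPLE_LONG = b"From: a@example.org\r\nSubject: " + b"A" * 4000 + b"\r\n\r\nbody\r\n"
# 60 folded encoded-words of 20 Cyrillic letters each: every line stays short,
# but the decoded subject is well over the threshold.
_word = b"=?utf-8?B?" + base64.b64encode(("\u0416" * 20).encode("utf-8")) + b"?="
SAMPLE_FOLDED = (b"From: a@example.org\r\nSubject: "
                 + b"\r\n ".join([_word] * 60) + b"\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for name, raw in [("ok", SAMPLE_OK), ("long", SAMPLE_LONG),
                      ("folded", SAMPLE_FOLDED)]:
        print(name, longest_line(raw), subject_report(raw), is_suspicious(raw))
```

The folded sample passes a per-line length limit yet is flagged once decoded, which is why the check measures the decoded value rather than the raw lines.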