Product:	Gadu-Gadu, 
		all available versions including the latest 7.0b20
Vendor:		SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
Impact:		Remote Denial of Service
Severity:	Important
Author: 	Maciej Soltysiak <maciej@soltysiak.com>
Advisory:	http://www.soltysiak.com/gg-dos.txt
Updated:	19 Sep 2005

[ISSUE]

It is possible to remotely conduct a DoS attack on a Gadu-Gadu client by
sending special crafted messages several times. The application hangs in
most cases and all is left is to kill the process.
This is propably due to the way the program displays the images.


[DETAILS]

By sending simple messages to the client that contain a huge amount of well
known strings that are converted to images (ie. "!!" converted to an
animating exclamation mark or "<glaszcze>" converted to an animated
emoticon) one is able to cause Gadu-Gadu to hang and the user to kill the
program.

As long as the attacker's uin is not on the victim's blocked list the
attacker is free to expoit the vulnerability. This means that creating
new users just to wreck havoc among Gadu-Gadu users would be very
effective.

[POC]

The C proof of concept code is available at http://www.soltysiak.com/ggkill.c

[ADVISORY]

Until the vendor releases a fixed version I recommend the users to
disable showing the emoticons. Turn off the "Wyswietlaj emotikonki"
option.

[SUMMARY]

Vendor has been informed about this bug.
Have a nice day.

	Copyright 2004, 2005, Maciej Soltysiak. Some rights reserved.