Crash any teamspeak client (Windows / Linux / Mac?)

[Asphyxia]

http://www.securiteam.com/unixfocus/5NP0O2KDPI.html this is an example of a heap overflow discovered sometime ago in QT. I found this to be very interesting, I was thinking that we could potentially utilize this method in TeamSpeak 3 until I remembered that we're looking at a divide-by-zero overflow. If you are unfamiliar with overflows, you should read this and this. The best case scenario, we find a buffer overflow.

In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. This is a special case of the violation of memory safety.

The issue found here is documented as CWE-369, Divide By Zero. This is more of an error than an overflow. I may have recently found a heap overflow though (good), I'm going to do some testing.

 

[Asphyxia]

Connect to this server for a lovely crash: ts3server://109.95.210.167:10527

 

[Bluscream]

Boiiii use URL tags : ts3server://109.95.210.167?port=10527

Edit: It seems like Xenforo can't handle (me right now) ... URI's (sry xD). Xenforo just removes the :

Edit 2: No fuck it seems like either "Chrome 44.0.2403.89 m" or "TS3 3.0.17" can't handle the URI :lol:

 

[Asphyxia]

Placing

[img]https://bugreports.qt.io/secure/attachment/46674/BBF7096DCAF1CD03DE8364E14DB58939.BMP[/img]

Inside of a TeamSpeak 3 channel description is a sure way to crash people, you can even place the URL inside the Banner Gfx Url to crash people in the server and anyone whom will join (ex: ts3server://109.95.210.167:10527). I have a solution though, here it is:
x86 TeamSpeak Clients (WINDOWS): http://r4p3.github.io/patch/ts3/bmpcrash/Patch_32bit.zip - MD5,05D1CB2AA455C22A1B042D18F7ABFE9A

x64 TeamSpeak Clients (WINDOWS): http://r4p3.github.io/patch/ts3/bmpcrash/Patch_64bit.zip - MD5,5334AC2359C15ECBC6636AB6B11C531A

For the above to work unfortunately you will also need to install/setup QT 5.4.2 using: http://download.qt.io/official_releases/online_installers/qt-unified-windows-x86-online.exe until I can further investigate why exactly it does not work otherwise. If anyone here is wise with QT, perhaps they can pitch in and offer an explanation as to why it does not work by placing the DLL files appropriately. I am assuming it has to do with some sort of PATH issues and some missing dependencies.

A big thanks goes to Kaptan647 for explaining it is possible --- he got it working first.

 

[ehthe]

I may be wrong but the new qt versions needs other additional files that is why you can't just replace those.

the problem i had : http://wiki.qt.io/Qt-5-QLocale

 

[Kaptan647]

We tried to replace this dlls but it gived error.For some reason you must install lastest Qt version

 

[Asphyxia]

We got past the errors, then while trying to run TeamSpeak 3 literally nothing would happen. No errors, no messages --- nothing. I even dumped the whole fucking 5.4.2 BIN straight into the TeamSpeak 3 directory to no avail. It seems that the QT 5.4.2 needs to actually be installed unless someone else knows how to get it working with just the DLL files.

 

[Kaptan647]

I think this dlls must be in your computer.

 

[Asphyxia]

Notice where it shows the location of those files though. TeamSpeak 3 itself comes packaged for QT 5.4.1, so I think in order to use QT 5.4.2 with TeamSpeak 3 at this time, it requires an installation of the QT 5.4.2 libraries/plugins. If anyone figures it out without requiring an installation, please let us know --- we would love that I am sure haha.