Chris @ MyITforum
ICQ Message Processing Format String Vulnerability

Secunia Advisory: SA29138
Release Date: 2008-02-28
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: ICQ 6.x

Description:
B0B has discovered a vulnerability in ICQ, which can be exploited by malicious people to compromise another user's system.

The vulnerability is caused due to a format string error when generating HTML code to display messages in the embedded Internet Explorer component, which can be exploited by sending specially crafted messages containing format string specifiers to another user.

Successful exploitation allows the execution of arbitrary code.

The vulnerability is confirmed in ICQ 6 build 6043. Other versions may also be affected.

Solution:
Enable the "Accept messages only from contacts" option and remove untrusted users from your contact list.

If the "Ask me before displaying messages from people I don't know" option is enabled, discard incoming messages.

Provided and/or discovered by:
B0B

Original Advisory:
http://board.raidrush.ws/showthread.php?t=386983
Source: ICQ Message Processing Format String Vulnerability - Advisories - Secunia
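
The bug class the advisory describes, shown as an added C example that is not code from ICQ or from the advisory: message text is rendered into HTML with a constant format string and is only ever passed as an argument, so any specifiers it contains stay literal. The function names, the HTML template and the sample message are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical renderer, not ICQ's code. The flawed pattern is equivalent to
 *     snprintf(out, cap, msg);    <- untrusted text used as the format string
 * The fix: a constant format, with the message supplied as a "%s" argument. */

/* HTML-escape src into dst; returns 0 on success, -1 if dst is too small. */
static int html_escape(char *dst, size_t cap, const char *src)
{
    size_t len = 0;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        if (*src == '<') rep = "&lt;";
        else if (*src == '>') rep = "&gt;";
        else if (*src == '&') rep = "&amp;";
        else if (*src == '"') rep = "&quot;";
        size_t n = strlen(rep);
        if (len + n >= cap) return -1;      /* keep room for the terminator */
        memcpy(dst + len, rep, n);
        len += n;
    }
    if (cap == 0) return -1;
    dst[len] = '\0';
    return 0;
}

/* Build the HTML fragment for one incoming message; 0 on success, -1 on truncation. */
int render_message(char *out, size_t cap, const char *msg)
{
    char esc[512];
    if (html_escape(esc, sizeof esc, msg) != 0) return -1;
    int n = snprintf(out, cap, "<div class=\"msg\">%s</div>", esc);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    char html[256];
    /* Constructed sample: specifiers and markup arrive as ordinary data. */
    if (render_message(html, sizeof html, "100%n %s %x <b>hi</b>") == 0)
        printf("%s\n", html);
    return 0;
}
```

Compiling with -Wformat -Wformat-security (GCC/Clang) flags calls where a non-literal string is used as the format argument.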