Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » ICQ remote buffer overflow vulnerability

ICQ remote buffer overflow vulnerability

by Nikola Strahija on January 9th, 2002 This is very similar to the AIM overflow recently discovered. The details of this vulnerability will not be released until a further time (when a patch has been implemented, probably). ICQ2000 clients are vulnerable. ICQ2001 clients do not appear to be vulnerable under default setup conditions.


ICQ protocol uses the same TLV (2711) packet and there is a similar weakness in the parsing of the packet.

The details of this vulnerability will not be released until a further time (when a patch has been implemented, probably). ICQ2000 clients are vulnerable. ICQ2001 clients do not appear to be vulnerable under default setup conditions.

Execution of arbitary code is possible since EAX/EBX point to within the payload.

Until AOL announces a patch/workaround, it is highly recommended to restrict receiving of events (other than normal messages) to contacts you know.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »