Home » Hacking News » Mirabilis ICQ Sound Scheme Predictable File Location Vulnerability

Mirabilis ICQ Sound Scheme Predictable File Location Vulnerability

by Nikola Strahija on July 18th, 2002 ICQ is an instant messenger client for Microsoft Windows systems. ICQ includes support for sound schemes. ICQ sound scheme files are generally given the .scm extension. When installed, a sound scheme places a number of wav sound files in a predictable location within the installation directory of ICQ.

An attacker may exploit this vulnerability to place malicious content in a known location. A URL reference to the file may then cause malicious content or code to be executed within local context.

Remote: Yes

Exploit: An exploit has been provided by "Jelmer" . This exploit will run arbitrary code on vulnerable systems, and should be treated appropriately.

http://www.xs4all.nl/~jkuperus/icq/icq.htm

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Users login

JOIN XATRIX

Mirabilis ICQ Sound Scheme Predictable File Location Vulnerability

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact