Home » Hacking News » Mirabilis ICQ Sound Scheme Predictable File Location Vulnerability
Mirabilis ICQ Sound Scheme Predictable File Location Vulnerability
by Nikola Strahija on July 18th, 2002 ICQ is an instant messenger client for Microsoft Windows systems. ICQ includes support for sound schemes. ICQ sound scheme files are generally given the .scm extension. When installed, a sound scheme places a number of wav sound files in a predictable location within the installation directory of ICQ.
An attacker may exploit this vulnerability to place malicious content in a known location. A URL reference to the file may then cause malicious content or code to be executed within local context.
Remote: Yes
Exploit: An exploit has been provided by "Jelmer" . This exploit will run arbitrary code on vulnerable systems, and should be treated appropriately.
http://www.xs4all.nl/~jkuperus/icq/icq.htm