Apr 23 2008
Highly Critical Vulnerability in ICQ Personal Status Processing
| Secunia Advisory: | SA29821 |
| Release Date: | 2008-04-21 |
| Critical: | Highly critical |
| Impact: | System access |
| Where: | From remote |
| Solution Status: | Vendor Patch |
| Software: | ICQ 6.x |

Description: Leon Juranic has reported a vulnerability in ICQ, which can be exploited by malicious people to compromise another user’s system.

The vulnerability is caused by a boundary error when processing “Personal Statuses” set via the “Personal Status Manager” menu. This can be exploited to cause a heap-based buffer overflow by creating a specially crafted personal status and, e.g., sending a message to another user. Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in version 6 build 6043. Other versions may also be affected.

Solution:

Provided and/or discovered by:

