mailing list archives
ICQ remote DoS
From: philip_stoev () INAME COM (Philip Stoev)
Date: Fri, 10 Mar 2000 20:06:43 +0200
This does not seem something extraordinary, but somebody may find a ground
to expand upon:
ICQ Version 99b Beta v.3.19 Build #2569
freshly downloaded today from www.icq.com
The My ICQ Page functionality turns ICQ user's PC into (sort of) a web
server, listening on port 80. This web server serves an ready-made page with
various things on it, and among them -- a guestbook. Submissions to this
guestbook are hanlded by guestbook.cgi script.
When an external visitor requests an URL like
, he or she will get a Forbidden HTTP reply. However, if the URL is
(with a ? at the end), ICQ will crash with a simple GPF.
I must admit that I did not bother to notify the developers, because the TOS
that pop up every now and them discourage me to do so.
TESO advisory -- atsadc krahmer () CS UNI-POTSDAM DE (Mar 11)
Re: [ Hackerslab bug_paper ] Linux printtool get printer passwor Brian Knotts (Mar 13)
Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Jason Lutz (Mar 09)
Re: PGP Signatures security BUG! Florian Weimer (Mar 10)