mailing list archives
Local Heap OverFlow Vulnerability in "Answering Service" of Icq
From: "LegendaryZion" <moskito () smile net il>
Date: Tue, 31 Oct 2006 18:25:13 +0200
·= Security Advisory =·
Issue: Local Heap OverFlow Vulnerability
in "Answering Service" of Icq.
Discovered Date: 09/08/2006
Author: Tal Argoni, LegendaryZion. [talargoni at gmail.com]
Product Vendor: http://www.Icq.com
Icq 2003 client is prone to a Local Heap OverFlow Vulnerability.
The vulnerability exists in "Answering Service" function,
because lack of boundary testing.
Open the key: HKLM\Software\Mirabilis\ICQ\ICQPro\DefaultPrefs\Presets
Edit the value: AwayMsg Presets [#]
Add 501 bytes string value.
Change the away to the one you have audit above and the icq client crash.
Tested on Icq 2003b 3916
Tal Argoni, CEH
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Local Heap OverFlow Vulnerability in "Answering Service" of Icq LegendaryZion (Oct 31)