From: Daniel Tan (datanseas.upenn.edu)
Date: Sun Jan 06 2002 - 13:59:39 CST

    This is very similar to the AIM overflow recently discovered.

    ICQ protocol uses the same TLV (2711) packet and there is a similar
    weakness in the parsing of the packet.

    The details of this vulnerability will not be released until a
    further time (when a patch has been implemented, probably). ICQ2000
    clients are vulnerable. ICQ2001 clients do not appear to be
    vulnerable under default setup conditions.

    Execution of arbitrary code is possible since EAX/EBX point to within
    the payload.

    Until AOL announces a patch/workaround, it is highly recommended to
    restrict receiving of events (other than normal messages) to contacts you
    know.

    -------------
    Daniel Tan
    Class of 2004
    Jerome Fisher Management & Technology Program
    University of Pennsylvania, USA
    datanseas.upenn.edu
    datanwharton.upenn.edu
    -------------
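
The post withholds the details of the flaw, so the following added example (not part of the original message, and not ICQ or AOL code) only shows the general length checks a TLV parser needs before it copies a value into a fixed-size buffer. The 2-byte type / 2-byte big-endian length layout, the reading of "2711" as hexadecimal, and all function and variable names are assumptions; the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLV_TARGET 0x2711u  /* assumption: the "2711" in the post, read as hex */

/* Read a 16-bit big-endian integer. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Walk a TLV chain (assumed layout: 2-byte type, 2-byte length, value) and
 * copy the value of the first TLV_TARGET entry into out.
 * Returns bytes copied, -1 if a header or value runs past the end of the
 * packet, -2 if the value does not fit in out, -3 if no such TLV exists.
 */
int tlv_extract(const uint8_t *pkt, size_t pkt_len, uint8_t *out, size_t out_cap)
{
    size_t off = 0;
    while (off < pkt_len) {
        if (pkt_len - off < 4)
            return -1;                  /* truncated header */
        uint16_t type = be16(pkt + off);
        uint16_t len  = be16(pkt + off + 2);
        off += 4;
        if (len > pkt_len - off)
            return -1;                  /* declared length exceeds bytes received */
        if (type == TLV_TARGET) {
            if (len > out_cap)
                return -2;              /* would overflow the destination buffer */
            memcpy(out, pkt + off, len);
            return (int)len;
        }
        off += len;                     /* skip TLVs we do not care about */
    }
    return -3;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t ok_pkt[]    = {0x00,0x05,0x00,0x02,0xAA,0xBB, 0x27,0x11,0x00,0x03,'a','b','c'};
static const uint8_t lying_pkt[] = {0x27,0x11,0x01,0x00,'a','b'};  /* claims 256 bytes, carries 2 */

int main(void)
{
    uint8_t out[64];                    /* hypothetical fixed-size destination */
    printf("well-formed:  %d\n", tlv_extract(ok_pkt, sizeof ok_pkt, out, sizeof out));
    printf("lying length: %d\n", tlv_extract(lying_pkt, sizeof lying_pkt, out, sizeof out));
    return 0;
}
```

The declared length is checked twice, once against the bytes actually received and once against the destination capacity; a parser that trusts the length field and skips either check is the kind that can be overflowed.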