CWRedLight
(Date : 23.04.2008 00:45:35)


ICQ Personal Status Processing Buffer Overflow
Secunia Advisory: SA29821
Release Date: 2008-04-21
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: ICQ 6.x
Description:
Leon Juranic has reported a vulnerability in ICQ, which can be exploited by malicious people to compromise another user's system.

The vulnerability is caused by a boundary error when processing "Personal Statuses" set via the "Personal Status Manager" menu. This can be exploited to cause a heap-based buffer overflow by creating a specially crafted personal status and, for example, sending a message to another user.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in version 6 build 6043. Other versions may also be affected.

Solution:
The vendor has reportedly issued a fix via automatic updates.

Provided and/or discovered by:
Leon Juranic, INFIGO IS

Original Advisory:
INFIGO-2008-04-08:
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-04-08


Source: http://secunia.com/advisories/29821/