TechSpot

Multiple Vulnerabilities in ICQ

By TS | Thomas
May 6, 2003
Topic Status:
Not open for further replies.
  1. Vulnerable Packages: Mirabilis ICQ Pro 2003a & previous versions.

    6 security vulnerabilities were found that could lead to various forms of exploitation ranging from denying users the ability to use ICQ services to execution of arbitrary commands on vulnerable systems. The following vulnerabilities were found:

    - POP3 Client Format String in UIDL Field.
    - "Subject" signed overflow in POP3 Client.
    - "Date" signed overflow in POP3 Client.
    - ICQ Features on Demand spoofing attack.
    - Message advertisements denial of service attack.
    - Input validation error in ICQ's GIF parsing/rendering library.

    Vendors contacted:
    - Mirabilis
    We sent notification mails to the following addresses: security@icq.com, secure@icq.com, webmaster@icq.com, support@icq.com, several times during March & April (2003-03-11, 2003-03-24, 2003-04-11) & never received an answer from Mirabilis.

    Would you like to know more? Seems Mirabilis also attended the same classes as Microsoft on "How to handle security vulnerability reports for your products".
  2. Mictlantecuhtli

    Only affects Windows versions?
  3. TS | Thomas

    The posting they have up doesn't say anything beyond "Vulnerable Packages: Mirabilis ICQ Pro 2003a & previous versions". I'd presume from some of the descriptions though it wouldn't just be limited to Windows versions.