Home › News › Industry News

Multiple Vulnerabilities in ICQ

On May 6, 2003, 5:26 PM

Vulnerable Packages: Mirabilis ICQ Pro 2003a & previous versions.

6 security vulnerabilities were found that could lead to various forms of exploitation ranging from denying users the ability to use ICQ services to execution of arbitrary commands on vulnerable systems. The following vulnerabilities were found:

POP3 Client Format String in UIDL Field.
"Subject" signed overflow in POP3 Client.
"Date" signed overflow in POP3 Client.
ICQ Features on Demand spoofing attack.
Message advertisements denial of service attack.
Input validation error in ICQ's GIF parsing/rendering library.

Vendors contacted:
- Mirabilis
We sent notifications mails to the following addresses: security@icq.com, secure@icq.com, webmaster@icq.com, support@icq.com, several times during March & April (2003-03-11, 2003-03-24, 2003-04-11) & never received an answer from Mirabilis.

Would you like to know more? Seems Mirabilis also attended the same classes as Microsoft on "How to handle security vulnerabilty reports for your products".

No tags on this story

Next Article: Emachines back in the notebook race

2 comments

User Comments: 2

Got something to say? Post a comment

May 7, 2003 6:04 AM

Mictlantecuhtli said:

Only affects Windows versions?

Reply
May 8, 2003 12:06 PM

TS | Thomas said:

The posting they have up doesn't say anything beyond "Vulnerable Packages: Mirabilis ICQ Pro 2003a & previous versions". I'd presume from some of the descriptions though it wouldn't just be limited to windows versions

Reply

Recently commented stories

TechSpot on:

Most Popular

Trending

Featured

Featured on Keyboards

Downloads and Drivers

Downloads

Drivers

IObit Malware Fighter 2.0

Instantbird 1.4

BitTorrent Sync 1.0.134

Spybot - Search & Destroy 2.1.19

Google Chrome for Windows 27.0.1453.93

More Downloads

Latest Discussion

IPod Home Button Problems 9 replies on Other Hardware

Facebook won't load 5 replies on Storage and Networking

Modems - Routers 5 replies on Storage and Networking

Which is the best smartphone to buy? 20 replies on Mobile Computing

Graphics Card Question 7 replies on Audio and Video

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.

TechSpot

Welcome to TechSpot

Home › News › Industry News

Multiple Vulnerabilities in ICQ

Next Article: Emachines back in the notebook race

User Comments: 2

Post a new comment

TechSpot on:

Most Popular

Building a Thin Mini-ITX PC: Small and Silent Performance

Metro: Last Light Tested, Benchmarked

Microsoft officially announces Xbox One: here's what we know so far

'Supercapacitor' could fully charge your phone in less than 30 seconds

Bill Gates is once again the richest person in the world

Metro: Last Light Performance, Benchmarked

Building a Thin Mini-ITX PC: Small and Silent Performance

Metro: Last Light Review

Gigabyte U2442F Ultrabook Review

8 Free to Play Games That Are Too Good to Be True

Featured on Keyboards

79 Metadot Das Keyboard Professional

87 Logitech Illuminated Keyboard

84 Razer BlackWidow Ultimate

88 Corsair Vengeance K90

82 Apple Wireless Keyboard MB167

Downloads and Drivers

Latest Discussion

Subscribe to TechSpot

Featured Tech Content - Inside TechSpot

	Social Login & Guest Posting Post as anonymous user			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.