TechSpot - PC Technology News and Analysis

TS | Thomas · #1 05-06-2003

Vulnerable Packages: Mirabilis ICQ Pro 2003a & previous versions.

6 security vulnerabilities were found that could lead to various forms of exploitation ranging from denying users the ability to use ICQ services to execution of arbitrary commands on vulnerable systems. The following vulnerabilities were found:

POP3 Client Format String in UIDL Field.
"Subject" signed overflow in POP3 Client.
"Date" signed overflow in POP3 Client.
ICQ Features on Demand spoofing attack.
Message advertisements denial of service attack.
Input validation error in ICQ's GIF parsing/rendering library.

Vendors contacted:
- Mirabilis
We sent notifications mails to the following addresses: security@icq.com, secure@icq.com, webmaster@icq.com, support@icq.com, several times during March & April (2003-03-11, 2003-03-24, 2003-04-11) & never received an answer from Mirabilis.

Would you like to know more? Seems Mirabilis also attended the same classes as Microsoft on "How to handle security vulnerabilty reports for your products".

Mictlantecuhtli · #2 05-07-2003

Only affects Windows versions?

TS | Thomas · #3 05-08-2003

The posting they have up doesn't say anything beyond "Vulnerable Packages: Mirabilis ICQ Pro 2003a & previous versions". I'd presume from some of the descriptions though it wouldn't just be limited to windows versions

Similar Topics
Thread	Thread Starter	Forum	Replies	Last Post
Critical vulnerabilities found in WinZip tool	Julio	Old Frontpage News & Comments	0	09-03-2004 04:05 PM
Working exploits for recent security vulnerabilities	Per Hansson	Old Frontpage News & Comments	0	04-20-2004 04:32 AM
Display says multiple monitors, but really just one.	bluescreenNoob	Audio and Video	12	11-03-2003 11:46 AM
Multiple Vulnerabilities in Half-Life	TS \| Thomas	Old Frontpage News & Comments	3	08-02-2003 09:16 PM
ICQ Link to forum ICQ channel	Tweakster	Site Feedback & Suggestions	0	05-10-2002 05:47 PM