ICQ Remote Buffer Overflow Vulnerability Discovered!

Published by

This is very similar to the AIM overflow recently discovered. The details of this vulnerability will not be released until a further time (when a patch has been implemented, probably). ICQ2000 clients are vulnerable. ICQ2001 clients do not appear to be vulnerable under default setup conditions. ICQ protocol uses the same TLV (2711) packet and there is a similar weakness in the parsing of the packet. The details of this vulnerability will not be released until a further time (when a patch has been implemented, probably). ICQ2000 clients are vulnerable. ICQ2001 clients do not appear to be vulnerable under default setup conditions. Execution of arbitary code is possible since EAX/EBX point to within the payload. Source: Xatrix