Local Heap OverFlow Vulnerability in "Answering Service" of Icq

2006.11.07
Credit: LegendaryZion
Risk: Low
Local: Yes
Remote: No
CWE: N/A


CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

·= Security Advisory =· Issue: Local Heap OverFlow Vulnerability in "Answering Service" of Icq. Discovered Date: 09/08/2006 Author: Tal Argoni, LegendaryZion. [talargoni at gmail.com] Product Vendor: http://www.Icq.com Details: Icq 2003 client is prone to a Local Heap OverFlow Vulnerability. The vulnerability exists in "Answering Service" function, because lack of boundary testing. Usage: Open the key: HKLMSoftwareMirabilisICQICQProDefaultPrefsPresets Edit the value: AwayMsg Presets [#] Add 501 bytes string value. Open icq. Change the away to the one you have audit above and the icq client crash. Tested on Icq 2003b 3916 Thanks, Tal Argoni, CEH www.zion-security.com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top