ICQ Message Handling and Conversion Remote Format String Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 29 Feb 2008 5653 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been identified in ICQ, which could be exploited by remote attackers to cause a denial of service or potentially take complete control of an affected system. This issue is caused by a format string error when processing and converting received HTML messages, which could be exploited by remote attackers to crash an affected application or potentially execute arbitrary code by sending a malicious message to an ICQ user.

System / Technologies affected

  • ICQ version 6.0.0.6043 and prior

Solutions

There is no patch available for this vulnerability currently.

Temporary Solutions

  • Enable the "Accept messages only from contacts" option and remove untrusted users from your contact list.
  • If the "Ask me before displaying messages from people I don't know" option is enabled, discard incoming messages.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Trend Micro OfficeScan Multiple Remote Buffer Overflow Vulnerabilities

29 Feb 2008 5545 Views

Next

Sun Java Multiple Code Execution and Security Bypass Vulnerabilities

6 Mar 2008 5640 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY