brainslicer Postad 28 Februari , 2008 Rapport Share Postad 28 Februari , 2008 kanske inte så många om använder ICQ, men en liten påminnelse att även IM-program kan ställa till det. ICQ Message Processing Format String Vulnerability Secunia Advisory: SA29138 Release Date: 2008-02-28 Critical: Highly critical Impact: System access Where: From remote Solution Status: Unpatched Software:ICQ 6.x This advisory is currently marked as unpatched! Description:B0B has discovered a vulnerability in ICQ, which can be exploited by malicious people to compromise another user's system. The vulnerability is caused due to a format string error when generating HTML code to display messages in the embedded Internet Explorer component, which can be exploited by sending specially crafted messages containing format string specifiers to another user. Successful exploitation allows the execution of arbitrary code. The vulnerability is confirmed in ICQ 6 build 6043. Other versions may also be affected. Solution: Enable the "Accept messages only from contacts" option and remove untrusted users from your contact list. If the "Ask me before displaying messages from people I don't know" option is enabled, discard incoming messages. Original Advisory: http://board.raidrush.ws/showthread.php?t=386983 Citera Länk till kommentar Dela på andra webbplatser More sharing options...
VDOP Postad 28 Februari , 2008 Rapport Share Postad 28 Februari , 2008 ICQ - vilken nostalgi. Men, som du är inne på, är det nån som använder ICQ idag? Förutom Lisbeth Salander förstås. Citera Länk till kommentar Dela på andra webbplatser More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.