Title: Mirabilis ICQ Remote Buffer Overflow Vulnerability
Severity: HIGH
Description:
ICQ is an instant messaging application from Mirabilis.
A buffer overflow exists in ICQ's handling of specially formatted communications. A maliciously constructed Voice Video & Games request with a TLV (type, length, value) type of 0x2711 may overwrite data on the stack, including a return address. This can easily cause the ICQ client to crash, and it may be possible to remotely execute arbitrary code.
It has been reported that this issue is not specific to this TLV type, and may also be exploited through direct client-to-client communication.
Earlier versions of ICQ 2001b share this vulnerability.
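The following C example is added for illustration and is not part of the advisory or of Mirabilis code. It shows the length checks a receiver applies before copying a TLV value into a fixed-size stack buffer. The 2-byte big-endian type and length fields, the 64-byte buffer and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLV_TYPE_REQUEST 0x2711u  /* type value named in the advisory */
#define VALUE_BUF_SIZE   64u      /* assumed size of the receiver's fixed buffer */

enum tlv_status { TLV_OK = 0, TLV_TRUNCATED, TLV_TOO_LARGE, TLV_WRONG_TYPE };

/* Assumed wire layout (not taken from the advisory):
 * 2-byte big-endian type, 2-byte big-endian length, then `length` value bytes. */
static uint16_t read_be16(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Copy the value of one TLV into a fixed-size buffer. The declared length is
 * attacker-controlled, so it is checked against both the bytes actually
 * received and the destination size before any copy takes place. */
enum tlv_status tlv_copy_value(const uint8_t *in, size_t in_len,
                               uint8_t out[VALUE_BUF_SIZE], size_t *out_len) {
    if (in_len < 4)
        return TLV_TRUNCATED;            /* header itself is incomplete */

    uint16_t type = read_be16(in);
    uint16_t len  = read_be16(in + 2);

    if (type != TLV_TYPE_REQUEST)
        return TLV_WRONG_TYPE;           /* other types need their own handlers */
    if ((size_t)len > in_len - 4)
        return TLV_TRUNCATED;            /* length claims more than was received */
    if (len > VALUE_BUF_SIZE)
        return TLV_TOO_LARGE;            /* would overrun the destination buffer */

    memcpy(out, in + 4, len);
    *out_len = len;
    return TLV_OK;
}

/* Constructed sample: declared length 0x0100 (256) exceeds the 64-byte buffer. */
int main(void) {
    uint8_t oversized[4 + 256] = { 0x27, 0x11, 0x01, 0x00 };
    uint8_t out[VALUE_BUF_SIZE];
    size_t n = 0;
    return tlv_copy_value(oversized, sizeof oversized, out, &n) == TLV_TOO_LARGE ? 0 : 1;
}
```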
Affected Products:
- Mirabilis ICQ 2000.0.0A
- Mirabilis ICQ 2000.0.0b Build 3278
- Mirabilis ICQ 2001 0.0.0a
- Mirabilis ICQ 2001 0.0.0b Build #3636
- Mirabilis ICQ 2001 0.0.0b Build #3638
References:
- Mirabilis: ICQ Homepage
- Mirabilis: ICQ Security Announcement