Mirabilis ICQ Remote Buffer Overflow Vulnerability

ICQ is an instant messaging application from Mirabilis.

A buffer overflow exists in ICQs handling of specially formatted communications. A maliciously constructed Voice Video & Games request with a TLV (type, length, value) type of 0x2711 may overwrite data on the stack, including a return address. This can easily cause the ICQ client to crash, and it may be possible to remotely execute arbitrary code.

It has been reported that this issue is not specific to this TLV type, and may also be exploited through direct client to client communication.


 

Privacy Statement
Copyright 2010, SecurityFocus