• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mirabilis ICQ POP3 Client Date Field Signed Integer Overflow Vulnerability

A vulnerability has been reported for the POP3 client of ICQ that may result in the execution of arbitrary attacker-supplied commands.

The vulnerability exists due to insufficient boundary checks performed by the integrated POP3 mail client when verifying the length of certain e-mail header fields.

Successful exploitation of this issue may allow an attacker to overwrite sensitive memory with malicious values which will result in the client throwing an unhandled exception and crashing.