ICQ 6 Personal Status Processing Vulnerability
A new vulnerability in ICQ can be exploited by malicious people to compromise another user’s system. The vulnerability is caused due to a boundary error when processing “Personal Statuses” set via the “Personal Status Manager” menu. This can be exploited to cause a heap-based buffer overflow by creating a specially crafted personal status and e.g. sending a message to another user.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in version 6 build 6043. Other versions may also be affected.
The vendor has reportedly issued a fix via automatic updates.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.