9/8/2006

AOL’s ICQ IM Service Vulnerable To Attack

Filed under: — By Aviran Mordo @ 11:52 pm

A security research firm today reported two vulnerabilities in America Online’s ICQ global instant messaging service that could allow malicious attacks on the computers of more than 160 million registered users.

Unless users upgrade to version 5.1 of ICQ, their computers are susceptible to a vulnerability in the ICQ Pro 2003b IM client that could lead to denial-of-service attacks and remote compromise of systems, according to an alert issued by Core Security Technologies, a provider of penetration testing tools. This heap overflow vulnerability is similar to a buffer overflow: An attacker can fill an input field with too many characters and crash a PC. In the case of ICQ, attackers can add malicious data packets as part of an IM conversation.

Source: InformationWeek

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress