ICQ versions 7.5 and below for Windows remote denial of service exploit.
3a6a1153fe46b2a5d8f478cd4dbaf2afc905b2e7008deeedbe8ac9a11442f4d1+-----------------------------------------------------------------------------+
| noptrix.net - Public Security Advisory |
+-----------------------------------------------------------------------------+
Date:
-----
07/28/2011
Vendor:
-------
ICQ - http://www.icq.com/
Affected Software:
------------------
Software: ICQ
Version: <= 7.5
Affected Platforms:
-------------------
Windows (XP, Vista, 7)
Vulnerability Class:
--------------------
Remote Denial of Service - MUIMessage.dll
Description:
------------
ICQ suffers from a remote Denial of Service vulnerability due to a lack of input
validation, output sanitization, wrong filetype and filename handling over file
transfers.
Proof of Concept:
-----------------
The following file and payload can be used to trigger the described
vulnerability (send to victim as file):
--- SNIP ---
sh3ll$ echo "0" > \<iframe src\=\"icq.com\"\ onload\=alert\('0x90'\)\>.rtf
--- SNIP ---
Now, an attacker only needs to send this file to the victim. It will crash the
ICQ client of the victim whenever the attacker cancels the filetransfer.
Afterwards whenever the victim is trying to send a message to the attacker, it
will crash after a few seconds...
So this could be a "Cross-Site Scripting leading to Denial of Service"? :)
For a PoC demonstration see:
- http://www.youtube.com/watch?v=7I1JNUWLeec
Impact:
-------
An attacker could trivially crash ICQ clients of remote users without victim
interaction.
Threat Level:
-------------
Medium
Solution:
---------
ICQ has to validate input, sanitize output, handle file names and file types
properly.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed