The ICQ Greeting Card service allows HTML commands to be sent to the target user. Any malicious HTML such as file:///c:/con/con can crash the system or exploit other HTML based vulnerabilities.
bc5b109db4538ee867af58c61bf71e039eb3c0c10b62871eae499953483f35fcHi,
I don't know if this has been reported before. ICQ's Greeting Card service
allow you to send message with HTML commands so you can crash target
computer or run script codes.
<meta http-equiv="REFRESH" content="3; URL=file:///c:/con/con">
If you write this in message box target computer should be crash in 3
seconds.
Meliksah Ozoral
meliksah@meliksah.net
www.meliksah.net
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed