exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ICQ-xas.txt

ICQ-xas.txt
Posted May 17, 2006
Authored by 3APA3A | Site security.nnov.ru

Under some conditions, the ICQ client is vulnerable to remote script injection into the My Computer Security Zone of the Internet Explorer component used to display advertisement banners.

tags | advisory, remote
SHA-256 | c1b734689902bb448560a2eb96f4343e17e937067a337cfa835e1a669561f972

ICQ-xas.txt

Change Mirror Download


QQLan QQlan@yandex.ru reported vulnerability in multiple versions of ICQ
Inc.' ICQ instant messenger client in a way it interacts with Microsoft
Internet Explorer.

Author: QQlan <QQlan@yandex.ru>
Title: ICQ Client Cross-Application Scripting (XAS)
Vendor: ICQ Inc.
Application: ICQ
Versions: up to and including 5.04 build 2321
Vulnerability class: man-in-the-middle, against client
Vulnerability type: cross application scripting (My Computer zone)
Risk level: low (high, if unsecured shared network is used)

Intro:

ICQ is probably most popular instant messaging application by ICQ Inc.

Description:

Under some conditions, ICQ client is vulnerable to remote script injection into
My Computer Security Zone of Internet Explorer component used to display
advertisement banners.

Detailed description:

<quote src=http://www.security.nnov.ru/Jdocument327.html>
Cross application scripting (XAS) is possible when an application
executes data in a security context different from the original content
(presumably one with less security restrictions). For example the data
may be obtained from an un-trusted source (a remote web server) that is
sent unfiltered into a trusted application such as when web content is
downloaded from a remote server, and then re-displayed on the local
host. Any application that downloads and then later displays and
executes web content (such as JavaScript) may be vulnerable to XAS.
</quote>

ICQ Client has very annoying advertising function. Banners are displayed
inside Internet Explorer COM object embedded into main window, “Welcome
Screen” and every “Message Session” dialogs. Under some condition
attacker can replace HTML content in this forms with malicious script
which will be executed in My Computer security zone of Internet
Explorer.

Technical information will be published (three months maybe years later)
after vendor provide a patch.

Workaround:

1. Press Ctrl+Shift+Esc
2. In File/Run menu type cmd.exe
3. In cmd.exe console type
echo 127.0.0.1 ar.atwola.com >> %SystemRoot%\system32\drivers\etc\hosts

Disclosure timeline:

5/2005 Vulnerability discovered
4/2006 Last attempt to contact vendor
5/2006 Public disclosure

--
/3APA3A
http://www.security.nnov.ru/

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close