Bugtraq mailing list archives

Re: ICQ Buffer Overflow Exploit

From: toto () XPLOITER COM (Simon Steed)
Date: Thu, 13 Jan 2000 20:37:53 +0000


Tested on NT4 (SP6), ICQ ver 99 beta build 3.19

Does not work. Just get the URL 404 not found (obviously :o)). ICQ
Functions as normal.

Regards

Simon

At 06:30 PM 1/11/00 , you wrote:

Buffer Overflow in ICQ


OS tested on: Windows 2000
ICQ version: 99b 1.1.1.1

ICQ is a very popular chat client that is affected by
a exploitable buffer
overflow when it parses an URL sent by another user.


Project Xploiter - Open Source Development
http://www.xploiter.com/project_xploiter/index.html
Xploit your software before it Xploits you!
ICQ UIN: 22731442

Current thread:

Re: NIS2k, (continued)
- - - Re: NIS2k Brad Griffin (Jan 13)
    - Misleading sense of security in Netscape Craig Ruefenacht (Jan 13)
    - Re: Misleading sense of security in Netscape Jefferson Ogata (Jan 18)
    - New MySQL Available Scott (Jan 13)
    - BindView Security Advisory: Local Promotion Vulnerability in Windows NT 4 BindView Security Advisory (Jan 13)
    - Microsoft Security Bulletin (MS00-003) Microsoft Product Security (Jan 13)
    - ICQ Buffer Overflow Exploit drew copley (Jan 11)
    - Re: ICQ Buffer Overflow Exploit Dennis W. Mattison (Little Wolf) (Jan 12)
    - Re: ICQ Buffer Overflow Exploit Michael DeSimone (Jan 13)
    - Re: ICQ Buffer Overflow Exploit Tom Schumm (Jan 14)
    - Re: ICQ Buffer Overflow Exploit Simon Steed (Jan 13)
    - Anyone can take over virtually any domain on the net... Thomas Reinke (Jan 11)
    - Re: Anyone can take over virtually any domain on the net... Jon Lewis (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Jeffrey Paul (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Chris Adams (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Shafik Yaghmour (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Nick Lamb (Jan 15)
    - Re: Anyone can take over virtually any domain on the net... Kurt Seifried (Jan 13)
    - Blinding BIND to a moving domain D. J. Bernstein (Jan 12)
    - Re: Blinding BIND to a moving domain Ken Gourlay (Jan 12)
    - CyberCash MCK 3.2.0.4: Large /tmp hole Sheldon Young (Jan 12)

(Thread continues...)