Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Administrivia #4883

From: Ken.Williams () EY COM (Ken Williams)
Date: Fri, 14 Jan 2000 17:25:01 -0600

i have received reports that ICQ 99* and later surreptitiously snag credit card data from your HD and send it to 
Mirabilis, without any notification or confirmation.  these reports are unsubstantiated - based on the report sources 
though, this is worth looking into.

- kw

nascheme () ENME UCALGARY CA on 01/14/2000 02:21:15 PM

Please respond to nascheme () ENME UCALGARY CA@Internet
To:     VULN-DEV () SECURITYFOCUS COM@Internet
cc:     
Subject:        Re: Administrivia #4883

ICQ is a disaster waiting to happen.  There is strcat and strcpy
all over the place last time I looked at it.  I didn't have time
to develop and exploit though.

    Neil

*******************************************************************************
Note:          The information contained in this message may be privileged and confidential and protected from 
disclosure.  If the reader of this message is not the intended recipient, or an employee or agent responsible for 
delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited. If you have received this communication in error, please notify 
us immediately by replying to the message and deleting it from your computer.  Thank you.  Ernst & Young LLP
*******************************************************************************
Previous By Date Next
Previous By Thread Next

Current thread: