Vulnerability Development mailing list archives

Re: ICQ Spoofing Question (or second dumb question of the day)


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 23 Sep 2000 15:01:04 +0200

Now, I do agree that hacking icq accounts by the aid of JPEG is extremely
far-fetched, but actually possible? A number of netscape versions (perhaps
other softwares as well) had an exploitable overflow in the JPEG handling.

Assuming that someone wrote a kit which was designed to aid in an attack
somehow (shellcode which actually grabs icq passwords sounds a bit hard to
code though), attackers could actively use JPEGs for this.

The obvious question is then why the bug was fixed so much later if it was
known back then :) Or why it wasn't widely abused by the masses.

(Of course everybody knows by now that ICQ is a braindead protocol that was
meant to be broken from day #1)
I like the 'meant to' part, heh, but that would imply they were not
incredibly clueless about internet. I remember a public statement they once
stated someone had hacked icq accounts via a trojan JPEG image, uhh, yeah,
ok (r33t).

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe

