ICQ 2003b Build 3916 Stack Buffer Overflow

Vulnerability ID: 1192978
Vulnerability type: Buffer overflow
Published: 2006-11-03
Updated: 2006-11-03
CVE ID: CVE-2006-5724
CNNVD ID: CNNVD-200611-058
Platform: N/A
CVSS score: 2.1
|Vulnerability Sources
https://www.securityfocus.com/bid/87194
https://cxsecurity.com/issue/WLB-2006110021
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-058
|Vulnerability Details
The "Answering Service" feature of ICQ 2003b Build 3916 has a stack buffer overflow. A local user can cause a denial of service (application crash) via a long string in the "AwayMsgPresets" value of the ICQ\ICQPro\DefaultPrefs\Presets registry key.
|Vulnerability EXP
·= Security Advisory =·

Issue: Local Heap OverFlow Vulnerability
in "Answering Service" of Icq.
Discovered Date: 09/08/2006
Author: Tal Argoni, LegendaryZion. [talargoni at gmail.com]
Product Vendor: http://www.Icq.com

Details:

Icq 2003 client is prone to a Local Heap OverFlow Vulnerability.
The vulnerability exists in the "Answering Service" function,
because of a lack of boundary testing.

Usage:

Open the key: HKLM\Software\Mirabilis\ICQ\ICQPro\DefaultPrefs\Presets
Edit the value: AwayMsg Presets [#]
Add a 501-byte string value.
Open icq.
Change the away message to the one you edited above, and the icq client crashes.

Tested on Icq 2003b 3916


Thanks,
Tal Argoni, CEH
www.zion-security.com 



|Affected Products
Mirabilis ICQ 2003B Build3916
|References

Source: XF
Name: icq-answering-service-bo(29933)
Link: http://xforce.iss.net/xforce/xfdb/29933
Source: FULLDISC
Name: 20061031 Local Heap OverFlow Vulnerability in "Answering Service" of Icq
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050461.html
Source: SREASON
Name: 1818
Link: http://securityreason.com/securityalert/1818