Log in
Register
Menu
Log in
Register
Home
What's new
Latest activity
Authors
Forums
New posts
Search forums
What's new
New posts
Latest activity
Members
Current visitors
New posts
Search forums
Menu
Log in
Register
Install the app
Install
Forums
Miscellaneous Sections
Tech Head - The Technology Section
Computer Discussion
ICQ flaws open PCs to attack
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="net1" data-source="post: 20057"><p>A security company has released an advisory detailing six flaws in the ICQ communication software, two of which are serious vulnerabilities </p><p>Two serious flaws in America Online's ICQ software could allow an online attacker to take control of a person's PC, a Boston security firm warned in an advisory released on Monday. </p><p></p><p>Core Security Technologies described the vulnerabilities in an advisory released to several public security lists. While the company found a total of six flaws, it said only two have serious implications because they could allow an attacker to run code on the victim's computer. </p><p></p><p>"However, the risk associated to each vulnerabilities is highly dependent on the environment in which ICQ is being used," said Ivan Arce, chief technology officer for Core. "Generally we don't make assumptions about risk in our advisories because we don't think the one-size-fits-all approach is valid." </p><p></p><p>The vulnerable ICQ Pro 2003a client is the latest version of America Online's ICQ instant messaging software, which has been downloaded from CNET Network's Download.com site more than 228 million times. Last year, the company offered a slimmed-down version called ICQ Lite. That application doesn't have the flaws, according to the advisory. </p><p></p><p>No one from America Online's ICQ subsidiary was available on Monday to comment on the alleged flaws. The security researchers also noted that they had problems reaching those responsible for security at ICQ. </p><p></p><p>"We also attempted to get specific security contact points from third parties that might have reported ICQ bugs before but had no success with this either, so after over a month of going back and forth with the advisory we finally decided to publish it unilaterally," he said. </p><p></p><p>Three of the vulnerabilities, including one of the critical flaws, occurred in the software's email feature. A bug in the component could allow an attacker to use the way the software handles email to cause it to execute code, if the attacker can impersonate the user's email server. </p><p></p><p>The other so-called critical vulnerability appeared in a feature of ICQ that allows automated updating, the group said. Because that component doesn't have adequate security, an attacker could pretend to be sending a legitimate update when in reality the upgrade is hostile code. </p><p></p><p>Israeli company Mirabilis, which created the software, was bought by America Online in June 1998 and its name was changed to ICQ Inc. ICQ is short for "I Seek You."</p></blockquote><p></p>
[QUOTE="net1, post: 20057"] A security company has released an advisory detailing six flaws in the ICQ communication software, two of which are serious vulnerabilities Two serious flaws in America Online's ICQ software could allow an online attacker to take control of a person's PC, a Boston security firm warned in an advisory released on Monday. Core Security Technologies described the vulnerabilities in an advisory released to several public security lists. While the company found a total of six flaws, it said only two have serious implications because they could allow an attacker to run code on the victim's computer. "However, the risk associated to each vulnerabilities is highly dependent on the environment in which ICQ is being used," said Ivan Arce, chief technology officer for Core. "Generally we don't make assumptions about risk in our advisories because we don't think the one-size-fits-all approach is valid." The vulnerable ICQ Pro 2003a client is the latest version of America Online's ICQ instant messaging software, which has been downloaded from CNET Network's Download.com site more than 228 million times. Last year, the company offered a slimmed-down version called ICQ Lite. That application doesn't have the flaws, according to the advisory. No one from America Online's ICQ subsidiary was available on Monday to comment on the alleged flaws. The security researchers also noted that they had problems reaching those responsible for security at ICQ. "We also attempted to get specific security contact points from third parties that might have reported ICQ bugs before but had no success with this either, so after over a month of going back and forth with the advisory we finally decided to publish it unilaterally," he said. Three of the vulnerabilities, including one of the critical flaws, occurred in the software's email feature. A bug in the component could allow an attacker to use the way the software handles email to cause it to execute code, if the attacker can impersonate the user's email server. The other so-called critical vulnerability appeared in a feature of ICQ that allows automated updating, the group said. Because that component doesn't have adequate security, an attacker could pretend to be sending a legitimate update when in reality the upgrade is hostile code. Israeli company Mirabilis, which created the software, was bought by America Online in June 1998 and its name was changed to ICQ Inc. ICQ is short for "I Seek You." [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Miscellaneous Sections
Tech Head - The Technology Section
Computer Discussion
ICQ flaws open PCs to attack
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
Accept
Learn more…
Top