CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

$9736.22 of $21422.68
left sidedonated so farneed $11686.46 donated to reach our goalright side, our goal
Help CastleCops serve the community on new servers, Donate Here to reach our goal.

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
Survey
spacer
Was 2007 a good year?

Yes it was a wonderful year
Yes, but there is always room for improvement
Status quo
It was a challenge
Other (leave comment)



Results
Polls

Votes: 940
Comments: 25
block bottom
spacer spacer
image Beware!: Security group: ICQ is flawed image
America Online
By Robert Lemos
May 5, 2003

Two serious flaws in America Online's ICQ software could allow an online attacker to take control of a person's PC, a Boston security firm warned in an advisory released Monday. Core Security Technologies described the vulnerabilities in an advisory released to several public security lists. While the company found a total of six flaws, it said only two have serious implications because they could allow an attacker to run code on the victim's computer

"However, the risk associated to each vulnerabilities is highly dependent on the environment in which ICQ is being used," said Ivan Arce, chief technology officer for Core. "Generally we don't make assumptions about risk in our advisories because we don't think the one-size-fits-all approach is valid."

The vulnerable ICQ Pro 2003a client is the latest version of America Online's ICQ instant messaging software, which has been downloaded from CNET Network's Download.com site more than 228 million times. Last year, the company offered a slimmed down version called ICQ Lite. That application doesn't have the flaws, according to the advisory.

No one from America Online's ICQ subsidiary was available Monday to comment on the alleged flaws. The security researchers also noted that they had problems reaching those responsible for security at ICQ.

"We also attempted to get specific security contact points from third parties that might have reported ICQ bugs before but had no success with this either, so after over a month of going back and forth with the advisory we finally decided to publish it unilaterally," he said.

Three of the vulnerabilities, including one of the critical flaws, occurred in the software's e-mail feature. A bug in the component could allow an attacker to use the way the software handles e-mail to cause it to execute code, if the attacker can impersonate the user's e-mail server.

Article Source
News.com


Posted on Monday, 05 May 2003 @ 23:31:29 UTC by cj (1751 reads)
[ Trackback ]		image

"Beware!: Security group: ICQ is flawed" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register
 
Login
spacer
Nickname

Password

Security Code: Type Security Code: Usage signifies AUP acceptance
· New User? · Click here to create a registered account.
block bottom
Related Links
spacer
· del.icio.us!
· digg it!
· reddit!
· TrackBack (0)
· News.com
· PHP HomePage
· HotScripts
· W3 Consortium
· America Online
· C|Net News
· More about America Online
· News by cj

Most read story about America Online:
Aluria and WhenU... How do they fit with AOL?
block bottom
Article Rating
spacer
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent
block bottom
Options
spacer

Printer Friendly Page  Printer Friendly Page
block bottom
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
185ppm 0.178s (0.014s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer