[13354] in bugtraq
Re: ICQ Buffer Overflow Exploit
daemon@ATHENA.MIT.EDU (Tom Schumm)
Fri Jan 14 23:01:19 2000
Message-Id: <004601bf5eba$354f9840$3e568bcd@ismi.net>
Date: Fri, 14 Jan 2000 13:07:23 -0500
Reply-To: Tom Schumm <tom@ISMI.NET>
From: Tom Schumm <tom@ISMI.NET>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
> 1. I am not able to verify this vulnerability under Windows98, running ICQ
> 99b Beta 3.19 Build 2569. I tried sending excessively long URLs using
> the URL message send (I could not find a way of sending a URL during chat,
> [snip...]
I believe the buffer overflow is in the regular text messages, NOT the URL
messages. ICQ usually parses and highlights URLs typed into messages. I
just tried sending a really long URL in a message with the same version of
ICQ under Windows 98 and the client crashed as soon as I clicked on the URL.
It will also die if you open up the message in the history and click on the
URL.
> 2. I do not agree with your fix, however. There is a much simpler fix
> available, go into the Preferences window, select the Events tab, select
> the URL setting on the "Select Event to Configure" combobox and then
> select "Auto Decline." This appears to shut down the http event.
> [snip...]
Since the problem is in the regular messages, you can't very well decline
all of those. It is probably best just to auto-decline all the ones that
aren't from people you know (i.e. those folks on your contact list). As far
as I can tell, the overflow doesn't happen just by viewing the message - you
have to click on the URL. If that's the case, you might just be able to
avoid the problem by not clicking on those long URLs.