[13453] in bugtraq
Re: ICQ Buffer Overflow Exploit
daemon@ATHENA.MIT.EDU (Nick Summy)
Thu Jan 20 16:41:02 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <38860EC2.89D389A8@shakur.net>
Date: Wed, 19 Jan 2000 13:21:38 -0600
Reply-To: Nick Summy <doggystyle@SHAKUR.NET>
From: Nick Summy <doggystyle@SHAKUR.NET>
X-To: BUGTRAQ <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Not difficult at all, if anyone has ever though about it, here
http://www.student.nada.kth.se/~d95-mih/icq/ is a webpage that explains a
lot about the ICQ protocol, it also explains a little about AOL's
- Nick
Bryce Walter wrote:
> Yes, but how tough would it be to write your own client to send msgs on the
> icq network. MS did it w/ AOL's instant messenger. :)
>
> >I have been playing with this bug a little, and it seems that ICQ only
> >picks
> >up oversize messages when they are keyed in, and not when they are pasted.
> >maybe it wouldn't be so bad if this was fixed so that at least the client
> >couldn't be used to execute this attack. :-/
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
