SecurityTracker.com
Category:  Application (Instant Messaging/IRC/Chat)  >  ICQ
Vendors:  ICQ Inc.
ICQ Instant Messaging Client Software Can Be Crashed By a Remote User Sending a Message With a Large Number of Graphical 'Smiles'
SecurityTracker Alert ID:  1004845
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Jul 26 2002
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): 2001, 2002
Description:  A denial of service vulnerability was reported in the ICQ instant messaging client software. A remote user can cause the ICQ client to temporarily consume all available CPU resources or to crash.

It is reported that a remote user can send an instant message containing a large number of graphical 'smiles' (a message approximately 7000 bytes in length). This may cause the target user's ICQ client to consume all available CPU resources for approximately 10 to 20 seconds or to crash.

According to the report, ICQ clients that have a large '.dat' file (containing the history) may be prone to crashing.

A demonstration exploit is available at:

http://www.iFud.com/dfm/DFMa.exe

Impact:  A remote user can send an instant message to cause the recipient's ICQ client to hang temporarily or to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.icq.com/
Cause:  Exception handling error
Underlying OS:  Windows (Any)
Reported By:  Michael <spacoom@gmx.net>
Message History:   None.


 Source Message Contents

Date:  24 Jul 2002 15:38:22 -0000
From:  Michael <spacoom@gmx.net>
Subject:  Icq 2001&2002 vulnerability

 



Icq 2001&2002 have a feature that allows inserting graphical smiles.
I found that if you send a message filled with lots of smiles (an icq msg can
be about 7000 bytes long), then the target icq hangs for 10-20 seconds,
consuming all CPU time, or simply crashes.

It seems to me that this type of message crashes only icq's that have a
large .dat file, which holds all history.

You can download a working example from: http://www.iFud.com/dfm/DFMa.exe

As you may remember, AOL was trying to threaten me for finding bugs. You
can find new threats here: http://www.iFud.com/aol.htm

Michael, icq 102166

 



Copyright 2002, SecurityGlobal.net LLC