
ICQ 7.5 Denial Of Service

Posted on 29 July 2011

+-----------------------------------------------------------------------------+
| noptrix.net - Public Security Advisory                                      |
+-----------------------------------------------------------------------------+

Date:
-----
07/28/2011

Vendor:
-------
ICQ - http://www.icq.com/

Affected Software:
------------------
Software: ICQ
Version: <= 7.5

Affected Platforms:
-------------------
Windows (XP, Vista, 7)

Vulnerability Class:
--------------------
Remote Denial of Service - MUIMessage.dll

Description:
------------
ICQ suffers from a remote Denial of Service vulnerability due to a lack of
input validation, output sanitization, wrong filetype and filename handling
over file transfers.

Proof of Concept:
-----------------
The following file and payload can be used to trigger the described
vulnerability (send to victim as file):

--- SNIP ---
sh3ll$ echo "0" > <iframe src="icq.com" onload=alert('0x90')>.rtf
--- SNIP ---

Now, an attacker only needs to send this file to the victim. It will crash the
ICQ client of the victim whenever the attacker cancels the filetransfer.
Afterwards whenever the victim is trying to send a message to the attacker, it
will crash after a few seconds...

So this could be a "Cross-Site Scripting leading to Denial of Service"? :)

For a PoC demonstration see:
- http://www.youtube.com/watch?v=7I1JNUWLeec

Impact:
-------
An attacker could trivially crash ICQ clients of remote users without victim
interaction.

Threat Level:
-------------
Medium

Solution:
---------
ICQ has to validate input, sanitize output, handle file names and file types
properly.
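The three controls named in the Solution section, sketched as an added example (not code from the advisory or from ICQ): a peer-supplied file name is validated before the offer is accepted and is output-encoded before any UI element is built from it. The function names, the extension allowlist, the length limit, and the premise that the client shows the name in an HTML-capable view are assumptions of this sketch.

```python
import html
import unicodedata

# Assumed policy for this sketch (not taken from ICQ).
KNOWN_EXTENSIONS = {"txt", "rtf", "pdf", "png", "jpg", "zip"}
MAX_NAME_LEN = 255
# Characters invalid in Windows file names; includes the markup delimiters < > ".
FORBIDDEN = set('<>:"/\\|?*')


def _is_invisible(ch):
    # Control (Cc) and format (Cf) characters, e.g. NUL or bidi overrides.
    return unicodedata.category(ch) in ("Cc", "Cf")


def validate_transfer_name(raw):
    """Input validation: return policy violations for a peer-supplied name."""
    problems = []
    name = unicodedata.normalize("NFC", raw)
    if not name or len(name) > MAX_NAME_LEN:
        problems.append("length")
    if any(_is_invisible(ch) for ch in name):
        problems.append("control-or-format-char")
    if any(ch in FORBIDDEN for ch in name):
        problems.append("forbidden-char")
    if name.endswith((" ", ".")) or name in (".", ".."):
        problems.append("reserved-form")
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem or ext.lower() not in KNOWN_EXTENSIONS:
        problems.append("extension")
    return problems


def display_name(raw):
    """Output encoding: applied to every name the UI shows, valid or not."""
    visible = "".join("\ufffd" if _is_invisible(ch) else ch for ch in raw)
    return html.escape(visible[:MAX_NAME_LEN], quote=True)


def handle_offer(raw):
    """Decide on an incoming file offer before it reaches the message view."""
    problems = validate_transfer_name(raw)
    return {"accepted": not problems, "problems": problems,
            "label": display_name(raw)}


if __name__ == "__main__":
    # Constructed inputs; the second is the file name from the advisory's PoC.
    poc = "<iframe src=\"icq.com\" onload=alert('0x90')>.rtf"
    for offered in ["report.rtf", poc, "notes"]:
        print(handle_offer(offered))
```

The rejected offer still yields a label, because the client has to tell the user what was refused; that label is the escaped form, so the cancel and error paths never handle raw markup.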

 
