Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] ICQ Client Cross-Application Scripting

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] ICQ Client Cross-Application Scripting
Date: 11 May 2006 16:42:09 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  ICQ Client Cross-Application Scripting
------------------------------------------------------------------------


SUMMARY

 <http://www.icq.com/> ICQ is a popular instant messaging application by 
ICQ Inc.

Under some conditions the ICQ client is vulnerable to remote script 
injection into the My Computer Security Zone of Internet Explorer's 
component used to display advertisement banners.

DETAILS

Cross  application  scripting  (XAS)  is  possible  when  an application 
executes  data in a security context different from the original content 
(presumably  one  with less security restrictions). For example the data 
may  be obtained from an un-trusted source (a remote web server) that is 
sent  unfiltered  into a trusted application such as when web content is 
downloaded  from  a  remote  server,  and then re-displayed on the local 
host.  Any  application  that  downloads  and  then  later  displays and 
executes web content (such as JavaScript) may be vulnerable to XAS.

ICQ Client has very annoying advertising function. Banners are displayed 
inside  Internet Explorer COM object embedded into main window,  Welcome 
Screen   and  every   Message  Session   dialogs.  Under  some condition 
attacker  can  replace  HTML content in this forms with malicious script 
which  will  be  executed  in  My  Computer  security  zone  of Internet 
Explorer.

Workaround:
1. Press Ctrl+Shift+Esc
2. In File/Run menu type cmd.exe
3. In cmd.exe console type
echo 127.0.0.1  ar.atwola.com  >> %SystemRoot%\system32\drivers\etc\hosts

Disclosure Timeline:
 * 5/2005 - Vulnerability discovered
 * 4/2006 - Last attempt to contact vendor
 * 5/2006 - Public disclosure


ADDITIONAL INFORMATION

The information has been provided by 3APA3A.
The original article can be found at:  <http://www.security.nnov.ru/> 
http://www.security.nnov.ru/



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] ICQ Client Cross-Application Scripting, SecuriTeam <=
Previous by Date:  [NT] Internet Explorer Bundled Flash Player Code Execution (MS06-020), SecuriTeam
Next by Date:  [UNIX] 3Com TippingPoint SMS Server Information Disclosure, SecuriTeam
Previous by Thread:  [NT] Internet Explorer Bundled Flash Player Code Execution (MS06-020), SecuriTeam
Next by Thread:  [UNIX] 3Com TippingPoint SMS Server Information Disclosure, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]