Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Local Heap OverFlow Vulnerability in "Answering Servic

from [LegendaryZion] Network Security [Permanent Link]
Subject: [Full-disclosure] Local Heap OverFlow Vulnerability in "Answering Service" of Icq
Date: Tue, 31 Oct 2006 18:25:13 +0200 

·= Security Advisory =·
Issue: Local Heap OverFlow Vulnerabilityin "Answering Service" of 
Icq.Discovered Date: 09/08/2006Author: Tal Argoni, LegendaryZion. [talargoni at 
gmail.com]Product Vendor: http://www.Icq.com
Details:
Icq 2003 client is prone to a Local Heap OverFlow Vulnerability.The 
vulnerability exists in "Answering Service" function,because lack of boundary 
testing.
Usage:
Open the key: HKLM\Software\Mirabilis\ICQ\ICQPro\DefaultPrefs\PresetsEdit the 
value: AwayMsg Presets [#]Add 501 bytes string value.Open icq.Change the away 
to the one you have audit above and the icq client crash.
Tested on Icq 2003b 3916

Thanks,Tal Argoni, CEHwww.zion-security.com 
_______________________________________________Full-Disclosure - We believe in 
it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and 
sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Local Heap OverFlow Vulnerability in "Answering Service" of Icq, LegendaryZion <=
Previous by Date:  [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun", LegendaryZion
Next by Date:  [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech", LegendaryZion
Previous by Thread:  [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun", LegendaryZion
Next by Thread:  [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech", LegendaryZion
Indexes:  [Date] [Thread] [Top] [All Lists]