Results 1 to 2 of 2

Thread: Vulnerability: ICQ Sound Scheme Predictable File Location

  1. July 19th, 2002, 05:39 AM #1
    s0nIc
    s0nIc is offline
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Exclamation Vulnerability: ICQ Sound Scheme Predictable File Location

    ICQ is an instant messenger client for Microsoft Windows systems. ICQ includes support for sound schemes. ICQ sound scheme files are generally given the .scm extension.

    When installed, a sound scheme places a number of wav sound files in a predictable location within the installation directory of ICQ.

    An attacker may exploit this vulnerability to place malicious content in a known location. A URL reference to the file may then cause malicious content or code to be executed within local context.

    Remote: Yes

    Exploit: An exploit has been provided by "Jelmer" . This exploit will run arbitrary code on vulnerable systems, and should be treated appropriately.

    http://www.xs4all.nl/~jkuperus/icq/icq.htm
    Reply With Quote Reply With Quote
  2. July 21st, 2002, 11:12 PM #2
    (V)/\><
    (V)/\>< is offline
    Senior Member
    Join Date
    Jun 2002
    Posts
    394
    could you explain in more detail how this works?
    like, is that link dangerous or what?
    Hmm...theres something a little peculiar here. Oh i see what it is! the sentence is talking about itself! do you see that? what do you mean? sentences can\'t talk! No, but they REFER to things, and this one refers directly-unambigeously-unmistakably-to the very sentence which it is!
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules