This is very similar to the AIM overflow recently discovered. The details of this vulnerability will not be released until a further time (when a patch has been implemented, probably). ICQ2000 clients are vulnerable. ICQ2001 clients do not appear to be vulnerable under default setup conditions.
Read more at www.xatrix.org if you want to be informed...