Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

AOL ICQ vulnerabilities

Published: 2006-09-08
Last Updated: 2006-09-08 19:08:27 UTC
by donald smith (Version: 1)
0 comment(s)
Core Security released two ICQ related advisories today.
One for ICQ tool bar for IE and another for AOL's ICQ client.
Since Core Security states they used a fuzzier to discover these issues
I suspect there will be other ICQ vulnerabilities discovered and announced by them in the future.

"Advisory ID: CORE-2006-0322
Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510
Security problems found in the ICQ Toolbar v1.3 may allow attackers to
control and change configuration settings and to inject scripting code
in RSS feed contents and execute it in the contexts of the feed
interface (IE's Local Zone)

Vulnerable Packages:
The following AOL/ICQ software products are affected by these issues:

Remote configuration vulnerability
ICQ Toolbar 1.3 for Internet Explorer

Malicious RSS feed vulnerability
ICQ Toolbar 1.3 for Internet Explorer

ICQ Search Plugin for Mozilla / Firefox is reported as not being vulnerable.

Advisory ID: CORE-2006-0321
AOL ICQ Pro 2003b heap overflow vulnerability
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509
A vulnerability in AOL's ICQ Pro 2003b instant messenger client could
lead to denial of service attacks and remote compromise of systems
running vulnerable versions of the client.

Vulnerable Packages:
The following AOL/ICQ software products are affected by this issue:
ICQ Pro 2003b Build #3916 and previous.

Non-vulnerable Packages:
ICQ 5.1 and ICQ2Go!

AOL and ICQ recommend that users upgrade to the latest version of the
ICQ client: ICQ 5.1"

Keywords:
0 comment(s)

Is someone watching your internet traffic or telephone calls?

Published: 2006-09-08
Last Updated: 2006-09-08 19:04:40 UTC
by donald smith (Version: 1)
0 comment(s)
MattM provide this interesting news item to me today.
It is an interesting read.
However given the options to hide the path your packets take that are available to most ISPs today I would be surprised if they would make this monitoring so noticeable. Simply tracerouting to see if you packets go through sffca.ip.att.net is too simple of a detection method.
For more details see the link.

The Newbie's Guide to Detecting the NSA
http://radar.oreilly.com/archives/2006/06/the_newbies_guide_to_detecting.html


Keywords:
0 comment(s)
Diary Archives